[nycbug-talk] Jail Performance

Sunny Dubey sunny-ml
Thu Jan 6 08:33:45 EST 2005


On Wednesday 05 January 2005 10:48, Isaac Levy wrote:

> Question for Sunny:
>
> - What happens if a UML instance has a buggy/exploitable kernel?  How
> or is it contained?  I'm just curious...

The UML kernel is run like any other process is.  So if I ran a UML kernel 
with the user USER1 and there was a local root exploit in the kernel, 
theoretically I could exploit the UML kernel and gain whatever privs USER1 
has on the host-OS.

(Well that is how it should work ... various compatibility bugs have prevented 
the above from happening in the past.  The intention is to *remove* these 
bugs.)

Sunny Dubey




More information about the talk mailing list