>>>>> "Jim" == Jim Carter <[EMAIL PROTECTED]> writes:
Jim> If a very sharp hacker "gets root" on the UML guest, he can
Jim> overwrite the kernel any way he pleases, executing arbitrary
Jim> code as the UML special user. If he finds himself in a
Jim> chroot jail, he can import statically linked tools (using
Jim> ports that have to be open for the guest's mission) and
Jim> perpetrate the same 'sploit against the host. The jail makes
Jim> this harder but not impossible.
Okay, this lost me. "import statically linked tools (using ports ...)"
- what does this mean ? A cracker can run arbitary code as the uml
user running the uml (inside the chroot). Are you then suggesting he
could use exploitable daemons running on the host to obtain additional
"tools" within the chroot ?
Sincerely,
Adrian Phillips
--
Who really wrote the works of William Shakespeare ?
http://www.pbs.org/wgbh/pages/frontline/shakespeare/
-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
User-mode-linux-user mailing list
User-mode-linux-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/user-mode-linux-user
