On 10.03.2015 21:32, Solar Designer wrote: > On Tue, Mar 10, 2015 at 02:35:41PM +0100, lst_ho...@kwsoft.de wrote: >> Zitat von Benjamin Henrion <zoo...@gmail.com>: >>> Could this be used to gain HN root access from a container: >>> >>> http://googleprojectzero.blogspot.be/2015/03/exploiting-dram-rowhammer-bug-to-gain.html?m=1 >>> >>> best, >> As i understand this is a hardware defect, so yes it would be >> exploitable within any OS which does not explicit prevent the usage >> pattern of RAM. > Yes, but patching the Linux kernel to restrict access to > /proc/self/pagemap may mitigate the currently described attack. This is > something the OpenVZ project may do.
Wouldn't that still leave the way to attack via hugepages which makes /proc/self/pagemap partially unneeded? Regards, Carl-Daniel _______________________________________________ Users mailing list Users@openvz.org https://lists.openvz.org/mailman/listinfo/users
