On Monday 07 February 2005 16:20, Dominik Hirt wrote: > Hi Paolo > > I run a little provider for umls in Switzerland. > I've read on your page about security problems. > > Will you provide more infos on the web page? There are already (please explore the site), and they are fixed inside 2.6.9-bs6; the web-site also explains the usual good things to do for a public setup (runs UMLs as unprivileged users inside a chroot).
Also, the security fixes I talk about matter in a limited way - for UML's design, the root user can insert a module which does anything needed on the host (as the user running UML, of course). That's exactly how the "hostfs" module works. The security problems would allow an *unprivileged* UML user to access the host. > It's important for me to know wether the host or the guest kernel > ist affected an what sort of security hole it is (race condition, > buffer overflow ...) -- Paolo Giarrusso, aka Blaisorblade Linux registered user n. 292729 http://www.user-mode-linux.org/~blaisorblade ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click _______________________________________________ User-mode-linux-user mailing list User-mode-linux-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/user-mode-linux-user
