Difference between revisions of "Vuln kernel priv io"

From Atomicorp Wiki
m (Critical Risk: Privileged Kernel I/O is allowed.)
m (False Positives)
 
Line 30: Line 30:
  
 
There are no known False Positives for this.
 
There are no known False Positives for this.
 +
 +
If you are using an application that requires privileged I/O operations, we strongly caution against disabling this protection.  We recommend instead that you discuss this with the application developer and require them to use safer methods.  Disabling this protection will make it possible for rootkits to be installed on the systems (this is also true of all non-ASL kernels, which do not have this protection).
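Review bot: The paragraph added after "There are no known False Positives for this." is not about false positives; it is guidance for applications that need privileged I/O, so it would read better under its own heading. It also asks the reader to require "safer methods" from the developer without naming any, which leaves the recommendation hard to act on, and "on the systems" should read "on the system".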

Latest revision as of 15:54, 11 April 2012

Critical Risk: Privileged Kernel I/O is allowed.

This means that your kernel allows privileged Input/Output (I/O) operations. ASL includes a special kernel that can prevent this.

An attacker can potentially use privileged I/O to bypass your kernel's security safeguards and make changes to the underlying operating system and kernel. The iopl and ioperm functions have been used in the wild for installing rootkits into running Linux kernels.

The ASL kernel restricts this so that the kernel cannot be rewritten to install rootkits, and so that security safeguards cannot be bypassed. This prevents an attacker from installing malicious software on the system as a non-root user.

If you see this vulnerability, it means one of the following:

1) You are not running the ASL kernel.

2) You have disabled this protection in the ASL kernel.

Next Steps

First check to see if you are using the ASL kernel by going to this link.

If you are not running the ASL kernel:

Please reboot your system into the ASL kernel.

Note: If you have a VPS system, you will not have your own kernel. Please install ASL on the host server.

If you are running the ASL kernel:

Log in to the ASL GUI, click on Configuration and select the ASL configuration menu option. This will open the ASL configuration screen. Scroll down to DISABLE_PRIVILEGED_IO, set it to "yes", then click update. You will need to reboot your server for this setting to take effect.

False Positives

There are no known False Positives for this.

If you are using an application that requires privileged I/O operations, we strongly caution against disabling this protection. We recommend instead that you discuss this with the application developer and require them to use safer methods. Disabling this protection will make it possible for rootkits to be installed on the system (this is also true of all non-ASL kernels, which do not have this protection).
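
To see which running applications could be affected before the protection is enabled, the following added example (not Atomicorp's or ASL's code) lists processes whose effective capability set includes CAP_SYS_RAWIO, the capability the Linux man pages document as required for iopl and ioperm. The function names are this example's own and the sample status text is constructed.

```python
#!/usr/bin/env python3
"""List processes whose effective capabilities include CAP_SYS_RAWIO."""
import os
import re

CAP_SYS_RAWIO = 17  # bit number in linux/capability.h; needed by iopl(2)/ioperm(2)


def parse_status(text):
    """Return (name, effective capability mask) from /proc/<pid>/status text."""
    name = re.search(r"^Name:[ \t]*(.*)$", text, re.M)
    capeff = re.search(r"^CapEff:[ \t]*([0-9a-fA-F]+)$", text, re.M)
    if not capeff:
        return None
    return (name.group(1) if name else "?", int(capeff.group(1), 16))


def can_request_port_io(cap_mask):
    """True if the mask has the CAP_SYS_RAWIO bit set."""
    return bool((cap_mask >> CAP_SYS_RAWIO) & 1)


def scan(proc="/proc"):
    """Yield (pid, name) for every process holding CAP_SYS_RAWIO."""
    for entry in os.listdir(proc):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc, entry, "status")) as fh:
                parsed = parse_status(fh.read())
        except OSError:  # process exited or access was denied
            continue
        if parsed and can_request_port_io(parsed[1]):
            yield int(entry), parsed[0]


# Constructed sample input: a root daemon with a full capability set and an
# unprivileged shell with an empty one.
SAMPLE_ROOT = "Name:\texampled\nUid:\t0\t0\t0\t0\nCapEff:\t0000003fffffffff\n"
SAMPLE_USER = "Name:\tbash\nUid:\t1000\t1000\t1000\t1000\nCapEff:\t0000000000000000\n"

if __name__ == "__main__":
    for sample in (SAMPLE_ROOT, SAMPLE_USER):
        name, mask = parse_status(sample)
        print(f"sample {name}: CAP_SYS_RAWIO={can_request_port_io(mask)}")
    for pid, name in scan():
        print(f"{pid}\t{name}")
```

On a kernel without the restriction, expect every root-owned process and kernel thread to appear; the entries worth following up are the applications you did not expect to hold raw I/O rights.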
