Difference between revisions of "Vuln kernel chroot caps"

From Atomicorp Wiki
Jump to: navigation, search
(Created page with "= Root processes within a chroot jail are not restricted = This vulnerability means that certain types of attacks on the kernel are possible that can lead to a complete comp...")
 
m (Root processes within a chroot jail are not restricted)
 
Line 1: Line 1:
 
= Root processes within a chroot jail are not restricted  =
 
= Root processes within a chroot jail are not restricted  =
  
This vulnerability means that certain types of attacks on the kernel are possible that can lead to a complete compromise of the system.  "chroots" are ways of limiting access to the system.  Users and processes can be placed into a chroot, which would prevent them from seeing and accessing other parts of the system.  However, if a user or process becomes root (or already is root), chroot restrictions can be bypassed.  The [[ASL]] kernel contains security measures to prevent this.
+
This vulnerability means that certain types of attacks on the kernel are possible that can lead to a complete compromise of the system.  "chroots" are ways of limiting access to the system.  Users and processes can be placed into a chroot, which would prevent them from seeing and accessing other parts of the system.  However, if a user or process requests priviliged capabilities, becomes root or already is root, chroot restrictions can be bypassed.  The [[ASL]] kernel contains security measures to prevent this.
  
 
If you see this vulnerability it can only be caused if you are not running the [[ASL]] kernel.
 
If you see this vulnerability it can only be caused if you are not running the [[ASL]] kernel.

Latest revision as of 19:20, 10 February 2012

[edit] Root processes within a chroot jail are not restricted

This vulnerability means that certain types of attacks on the kernel are possible that can lead to a complete compromise of the system. "chroots" are ways of limiting access to the system. Users and processes can be placed into a chroot, which would prevent them from seeing and accessing other parts of the system. However, if a user or process requests priviliged capabilities, becomes root or already is root, chroot restrictions can be bypassed. The ASL kernel contains security measures to prevent this.

If you see this vulnerability it can only be caused if you are not running the ASL kernel.

[edit] Next Steps

Check to see if you are using the ASL kernel by going to this link.

If you are not running the ASL kernel:

Please check that you have the kernel installed and then reboot your system into the ASL kernel.

Note: If you have a VPS system, you will not have your own kernel. Please install ASL on the host server.

Personal tools