Vuln kernel chroot findtask

From Atomicorp Wiki
Revision as of 19:36, 10 February 2012 by Mshinn (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

[edit] Processes inside a chroot are able to kill

This vulnerability means that certain types of attacks on the kernel are possible that can lead to a complete compromise of the system. "chroots" are ways of limiting access to the system, they are like a file system "jail". A process can be restricted to a certain part of the filesystem, and can not access or see anything else.

Users and processes can be placed into a chroot, which would prevent them from seeing and accessing other parts of the system. However, non-ASL kernels allow users and processes to send "signals" to other processes. This can allow the user or application ro kill those applications, access the memory used by processes outside the "chroot", which could result in those applications "escaping" the chroot they are in, signals could be used to compromise other applications or to stealing information from the system, or could potentially be used to compromise the system.

The ASL kernel contains security measures to prevent this.

If you see this vulnerability it can only be caused if you are not running the ASL kernel.

[edit] Next Steps

Check to see if you are using the ASL kernel by going to this link.

If you are not running the ASL kernel:

Please check that you have the kernel installed and then reboot your system into the ASL kernel.

Note: If you have a VPS system, you will not have your own kernel. Please install ASL on the host server.

Personal tools