
blueness at gentoo
Jun 14, 2012, 7:36 AM
Re: SYSRET 64bit Intel-only vulnerability
On 06/13/2012 02:54 PM, "Tóth Attila" wrote:
> Possible local privilege escalation or guest-to-host VM escape.
> http://www.kb.cert.org/vuls/id/649219
>
> OpenBSD is not affected.
> http://marc.info/?l=openbsd-misc&m=133957486127897&w=2
>
> I wonder what will be the case with Gentoo and - especially - Hardened
> kernels?
>
> This has been removed from the CERT's page:
> http://hup.hu/cikkek/20120613/sysret_64_bites_opereracios_rendszer_privilege_escalation_sebezhetoseg_intel_cpu-s_hardveren#comment-1469883
>
> Regards:
> Dw.

Looks to me like:

1) you have to be running xen
2) you have to have a paravirt 64-bit guest
3) you have to have a 64-bit host
4) a guest running a ring3 (userland privileges) process can gain ring 0 on the host (kernel privileges)

I'm not sure that hardened + xen hypervisor even work on a host. I remember flirting with it in the early days when I wanted to bring some light to the whole hardened + virtualization world, but I didn't get very far with xen and kvm worked so much better.

--
Anthony G. Basile, Ph.D.
Gentoo Linux Developer [Hardened]
E-Mail : blueness [at] gentoo
GnuPG FP : 8040 5A4D 8709 21B1 1A88 33CE 979C AF40 D045 5535
GnuPG ID : D0455535