Archives
Archives
| From: | "Anthony G. Basile" <blueness@g.o> | ||
|---|---|---|---|
| To: | gentoo-hardened@l.g.o | ||
| Subject: | Re: [gentoo-hardened] SYSRET 64bit Intel-only vulnerability | ||
| Date: | Thu, 14 Jun 2012 15:02:55 | ||
| Message-Id: | 4FD9F6D2.2070904@gentoo.org | ||
| In Reply to: | [gentoo-hardened] SYSRET 64bit Intel-only vulnerability by "Tóth Attila" |
||
| 1 | On 06/13/2012 02:54 PM, "Tóth Attila" wrote: |
| 2 | > Possible local privilege escalation or guest-to-host VM escape. |
| 3 | > http://www.kb.cert.org/vuls/id/649219 |
| 4 | > |
| 5 | > OpenBSD is not affected. |
| 6 | > http://marc.info/?l=openbsd-misc&m=133957486127897&w=2 |
| 7 | > |
| 8 | > I wonder what will be the case with Gentoo and - especially - Hardened |
| 9 | > kernels? |
| 10 | > |
| 11 | > This has been removed from the CERT's page: |
| 12 | > http://hup.hu/cikkek/20120613/sysret_64_bites_opereracios_rendszer_privilege_escalation_sebezhetoseg_intel_cpu-s_hardveren#comment-1469883 |
| 13 | > |
| 14 | > Regards: |
| 15 | > Dw. |
| 16 | |
| 17 | Looks to me like: |
| 18 | |
| 19 | 1) you have to be running xen |
| 20 | 2) you have to have a paravirt 64-bit guest |
| 21 | 3) you have to have a 64-bit host |
| 22 | 4) a guest running a ring3 (userland privileges) process can gain ring 0 |
| 23 | on the host (kernel priveleges) |
| 24 | |
| 25 | I'm not sure that hardened + xen hypervisor even work on a host. I |
| 26 | remember flirting with it in the early days when I wanted to bring some |
| 27 | light to the whole hardened + virtualization world, but I didn't get |
| 28 | very far with xen and kvm worked so much better. |
| 29 | |
| 30 | -- |
| 31 | Anthony G. Basile, Ph.D. |
| 32 | Gentoo Linux Developer [Hardened] |
| 33 | E-Mail : blueness@g.o |
| 34 | GnuPG FP : 8040 5A4D 8709 21B1 1A88 33CE 979C AF40 D045 5535 |
| 35 | GnuPG ID : D0455535 |