From: "Anthony G. Basile" <blueness@g.o>
To: gentoo-hardened@l.g.o
Subject: Re: [gentoo-hardened] SYSRET 64bit Intel-only vulnerability
Date: Thu, 14 Jun 2012 15:02:55
Message-Id: 4FD9F6D2.2070904@gentoo.org
In Reply to: [gentoo-hardened] SYSRET 64bit Intel-only vulnerability by "Tóth Attila"

On 06/13/2012 02:54 PM, "Tóth Attila" wrote:
> Possible local privilege escalation or guest-to-host VM escape.
> http://www.kb.cert.org/vuls/id/649219
>
> OpenBSD is not affected.
> http://marc.info/?l=openbsd-misc&m=133957486127897&w=2
>
> I wonder what will be the case with Gentoo and - especially - Hardened
> kernels?
>
> This has been removed from the CERT's page:
> http://hup.hu/cikkek/20120613/sysret_64_bites_opereracios_rendszer_privilege_escalation_sebezhetoseg_intel_cpu-s_hardveren#comment-1469883
>
> Regards:
> Dw.

Looks to me like:

1) you have to be running xen
2) you have to have a paravirt 64-bit guest
3) you have to have a 64-bit host
4) a guest running a ring3 (userland privileges) process can gain ring 0
on the host (kernel privileges)

I'm not sure that hardened + xen hypervisor even work on a host. I
remember flirting with it in the early days when I wanted to bring some
light to the whole hardened + virtualization world, but I didn't get
very far with xen and kvm worked so much better.

--
Anthony G. Basile, Ph.D.
Gentoo Linux Developer [Hardened]
E-Mail : blueness@g.o
GnuPG FP : 8040 5A4D 8709 21B1 1A88 33CE 979C AF40 D045 5535
GnuPG ID : D0455535