[Devel] EEPROM changing
Vasiliy Kulikov
segoon at openwall.com
Wed Jan 26 07:22:55 PST 2011
Hi,
Currently root inside of VE may change EEPROM of any delegated network
device (vzctl --netdev_add) via ethtool's ETHTOOL_SEEPROM command:
(inside of virtualbox, Intel PRO/1000 MT Server)
ethtool -e eth1 => looking at 0x01
ethtool -E eth1 magic 0x100f8086 offset 0x01 value 0x01
ethtool -e eth1 => byte at 0x01 has changed
I'm in doubt whether it is a real security issue since no sensitive
information should be stored in EEPROM and VE's root may change all
networking settings (like MAC address) anyway. But maybe this should be
explicitly pointed in user guide as "warning"?
Thanks,
--
Vasiliy
More information about the Devel
mailing list