It is common for modern Linux kernels (or distributions) to have /dev mounted with the noexec flag to enhance security (such as the Ubuntu 20.04 LTS cloud image which we used in our tests). But this prevents VMSH from spawning the stage2 process, as the following kmsg states:
... where -13 = Permission denied. Removing the noexec flag with mount -o remount,exec /dev resolves the problem.
Maybe some additional checks should be added to prevent stage1 from extracting stage2 binaries into unsuitable directories, such as those with ro or noexec?
Yes. There should definitely be fallback directories like /tmp etc. The only tricky part is that we don't want to use a lot of kernel API for compatibility reasons. The easiest solution would be to process if execution fails here:
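The check proposed in this thread, as an added userspace example (not VMSH's stage1 code and not the code the reply links to): it reads a directory's mount flags with statvfs(3) and skips candidates mounted ro or noexec. The function names and the candidate list are hypothetical.

```c
#define _GNU_SOURCE 1   /* glibc exposes ST_NOEXEC only with this */
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/statvfs.h>
#ifndef ST_NOEXEC
#define ST_NOEXEC 8     /* Linux value (MS_NOEXEC), if the header hid it */
#endif

/* Pure check on statvfs f_flag bits: 0 = usable, otherwise the errno that
 * dropping and exec'ing a binary on such a mount is expected to hit. */
int flags_block_exec(unsigned long f_flag)
{
    if (f_flag & ST_RDONLY)
        return EROFS;   /* the binary cannot even be written */
    if (f_flag & ST_NOEXEC)
        return EACCES;  /* exec fails with -13, as in the report */
    return 0;
}

/* 0 if dir's filesystem allows write + exec, else a positive errno. */
int dir_blocks_exec(const char *dir)
{
    struct statvfs vfs;
    if (statvfs(dir, &vfs) != 0)
        return errno;
    return flags_block_exec(vfs.f_flag);
}

/* First candidate whose mount flags permit extraction and exec, or NULL. */
const char *pick_exec_dir(const char *const *candidates, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        int err = dir_blocks_exec(candidates[i]);
        if (err == 0)
            return candidates[i];
        fprintf(stderr, "skip %s: errno %d\n", candidates[i], err);
    }
    return NULL;
}

int main(void)
{
    /* Hypothetical preference order; /dev is the directory from the report. */
    const char *const dirs[] = { "/dev", "/tmp", "/run", "/var/tmp" };
    const char *d = pick_exec_dir(dirs, sizeof dirs / sizeof dirs[0]);
    printf("extract to: %s\n", d ? d : "(none suitable)");
    return d ? 0 : 1;
}
```

Mount flags do not cover directory permissions or LSM policy, so a fallback on exec failure is still needed after this pre-check.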