Re: chrooted superuser (was wu-ftpd info.)

kenbridge.com

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Aggelos D. Keromitis: "Re: NFS exporting"
• Previous message: Mike Evans: "Re: NFS exporting"
• Next in thread: Tom Fitzgerald: "Re: chrooted superuser (was wu-ftpd info.)"

Dangers of root in a chrooted environment...

Assume now that I have a tcp wrapper that does the chroot for ftpd
_whenever_ it's invoked.  This is true for non-anonymous as well as
anonyous logins; it happens before the ftpd is ever exec'ed.
Furthermore, assume that the chrooted-to volume is mounted
nosuid,nodev.  Can a trojaned ftpd be used to compromise or harm the
system outside of the ftp hierarchy?

Re: using fchroot to get out of jail; where could the necessary open
file descriptor come from?

--

I hope this isn't rehashing old news for everyone.  A number of
security tools use chroot as a part of their standard operating
procedure (e.g., TIS' fwtk), so it's important.  Any documents
available on the subject?

• Next message: Aggelos D. Keromitis: "Re: NFS exporting"
• Previous message: Mike Evans: "Re: NFS exporting"
• Next in thread: Tom Fitzgerald: "Re: chrooted superuser (was wu-ftpd info.)"