Re: BIND bugs of the month (fwd)

Alan Cox (alanLXORGUK.UKUU.ORG.UK)
Mon, 15 Nov 1999 00:58:15 +0000

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Next message: Elias Levy: "Re: BIND bugs of the month (spoofing secure Web sites?)"
• Previous message: Brian Fundakowski Feldman: "Re: ssh-1.2.27 remote buffer overflow - exploitable (VD#7)"
• In reply to: Theo de Raadt: "Re: ssh-1.2.27 remote buffer overflow - exploitable (VD#7)"

> when i saw the linux chroot("../../../../../../../..") hole i about fell
> out of my chair. truly no place is safe any more.

Not a bug. chroot() requires root. root can use ioperm and other stuff.
If you put a setuid app or a root app in a chroot jail you are a fool.
Its not an OS specific bug either, its part of the way chroot()
works.

Named run sanely (as non-root and re-execed on an interface change) in
a chroot jail is pretty safe from exposing the machine, but as Dan
rightly points out not from subverting your DNS.

If you think bind is unauditable then help work on DENTS
(www.dents.org)

• Next message: Elias Levy: "Re: BIND bugs of the month (spoofing secure Web sites?)"
• Previous message: Brian Fundakowski Feldman: "Re: ssh-1.2.27 remote buffer overflow - exploitable (VD#7)"
• In reply to: Theo de Raadt: "Re: ssh-1.2.27 remote buffer overflow - exploitable (VD#7)"

This archive was generated by hypermail 2.0b3 on Mon Nov 15 1999 - 01:35:14 CST