Subject: Re: chroot() and capabilities
From: steve (Rogue.Eagle attglobal.net)
Date: Thu Aug 10 2000 - 23:25:39 CDT
Kurt Seifried wrote:
>
> > Hi,
> > I've been following the security-audit mailing list and I have a
> [snipsnip]
> > Any input would be very appreciated.
>
> This is off topic. To summarize: I am running a binary as root chrooted, is
> this safe?
>
> Not really. If it's running as root it can break out of the chroot jail
> without too much effort. An attacker can potentially upload stuff into that
> dir if they compromise the daemon. There is not much else you can do.
> Mounting a loopback partition of minimal size (so that there is no space to
> upload stuff), mounting it read only perhaps, but chroot on its own is not
> much of a security mechanism.
>
> This list is called "security-audit", perhaps we should change it to:
> "security-audit-is-not-a-generic-linux-security-mailing-help-list".
Sorry, I'll never bother you again. I didn't mean any harm. Just
wanted some expert advice.
>
> > Thank you,
> > Steve
>
> -Kurt
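
As an added example that is not part of the original thread: a Python check for the condition the quoted reply warns about, a process that is chrooted yet still runs with root's privileges. It reads the `Uid` and `CapEff` fields of Linux `/proc/<pid>/status`; the status excerpts, the jail path and the function names are constructed for illustration.

```python
import re

CAP_SYS_CHROOT = 18  # bit number of CAP_SYS_CHROOT in linux/capability.h

# Constructed /proc/<pid>/status excerpts (not captured from a real host).
ROOT_DAEMON = "Name:\tdaemon\nUid:\t0\t0\t0\t0\nCapEff:\t000001ffffffffff\n"
DROPPED_DAEMON = ("Name:\tdaemon\nUid:\t65534\t65534\t65534\t65534\n"
                  "CapEff:\t0000000000000000\n")
CAP_ONLY_DAEMON = ("Name:\tdaemon\nUid:\t65534\t65534\t65534\t65534\n"
                   "CapEff:\t0000000000040000\n")


def parse_status(text):
    """Return (effective uid, effective capability mask) from status text."""
    # The Uid line lists real, effective, saved and filesystem uids in order.
    uid = re.search(r"^Uid:\s+\d+\s+(\d+)", text, re.M)
    cap = re.search(r"^CapEff:\s+([0-9a-fA-F]+)", text, re.M)
    if not uid or not cap:
        raise ValueError("status text lacks a Uid or CapEff line")
    return int(uid.group(1)), int(cap.group(1), 16)


def jail_findings(root_link, status_text):
    """Audit one process; root_link is the target of /proc/<pid>/root."""
    if root_link == "/":
        return []  # not chrooted, so out of scope for this check
    euid, cap_eff = parse_status(status_text)
    findings = []
    if euid == 0:
        findings.append("euid 0 inside chroot")
    if cap_eff & (1 << CAP_SYS_CHROOT):
        findings.append("CAP_SYS_CHROOT still effective")
    return findings


if __name__ == "__main__":
    samples = [("root daemon", ROOT_DAEMON),
               ("dropped daemon", DROPPED_DAEMON),
               ("capability-only daemon", CAP_ONLY_DAEMON)]
    for label, status in samples:
        print(label, jail_findings("/srv/jail", status))
```

On a live host, pass `os.readlink("/proc/<pid>/root")` and the contents of `/proc/<pid>/status`; reading another user's `root` link requires sufficient privileges.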