Subject: Re: chroot() and capabilities
From: David Lang (david.lang@digitalinsight.com)
Date: Fri Aug 11 2000 - 13:56:39 CDT


One question about your approach.

In a standard chroot there are separate copies of the binaries, which means
that if someone gets into the sandbox and corrupts it, it only affects that
sandbox. In your scheme it sounds like they would corrupt other parts of
the system that use the same binary.

Am I missing something here?

David Lang

On Thu, 10 Aug 2000, Crispin Cowan wrote:

> Date: Thu, 10 Aug 2000 13:20:32 -0700
> From: Crispin Cowan <crispin@wirex.com>
> To: Chris Evans <chris@ferret.lmh.ox.ac.uk>
> Cc: David A. Wagner <daw@cs.berkeley.edu>, security-audit@ferret.lmh.ox.ac.uk
> Subject: Re: chroot() and capabilities
>
> Chris Evans wrote:
>
> > On 9 Aug 2000, David A. Wagner wrote:
> >
> > > (The tool is called Janus, and some out-of-date information can be found
> > > at http://www.cs.berkeley.edu/~daw/janus/.)
> >
> > Ah, Janus. I read about that a while ago. IIRC, it's about syscall
> > filtering.
> >
> > I think this is _very_ _very_ needed. I had no idea it was still in active
> > development, I was pondering the design of a "syscall firewall" recently
> > in fact.
> >
> > I'll explain why I believe some Janus-like facility is needed. Recently,
> > there has been increasing use of chroot() in daemons, e.g. statd,
> > telnetd (me), portmapper (Olaf) etc.
>
> We're working on something like that called SubDomain
> http://immunix.org/subdomain.html
>
> It's kind of like a flexible chroot on steroids. The major difference is
> that where chroot confines a program "by value" (need to copy everything it
> needs into the jail) SubDomain confines programs "by reference" (everything
> the program wants to touch is explicitly specified, along with RWX access
> modes). The idea is to make it feasible to wrap nearly everything that runs
> on a server in a SubDomain profile.
>
> Crispin
>
> --
> Crispin Cowan, Chief Scientist, WireX Communications, Inc. http://wirex.com
> Free Hardened Linux Distribution: http://immunix.org

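To make the trade-off in this thread concrete, here is an added example (not SubDomain's code, and using a constructed `<path> <modes>` profile syntax rather than the real one) that audits a by-reference profile: it lists the shared-tree paths the program may write, which is the shared-binary corruption David Lang raises, and the read-only files a by-value chroot jail would instead have to copy into the jail.

```python
"""Audit a by-reference confinement profile for writes into shared system paths.

Constructed example; this is NOT SubDomain's real profile syntax. Each line is
"<path> <modes>" where modes is any combination of r, w, x, and '#' starts a
comment. A trailing "/" marks a directory subtree.
"""
from typing import Dict, List

# Prefixes holding files shared by every program on the host (assumption).
SHARED_PREFIXES = ("/bin/", "/sbin/", "/lib/", "/usr/", "/etc/")


def parse_profile(text: str) -> Dict[str, str]:
    """Return {path: modes}; blank lines and comments are ignored."""
    entries: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        path, modes = line.split()
        if not path.startswith("/") or set(modes) - set("rwx"):
            raise ValueError(f"bad profile line: {raw!r}")
        entries[path] = modes
    return entries


def shared_writes(entries: Dict[str, str]) -> List[str]:
    """Shared-tree paths the program may write: corrupting one of these
    affects every other program on the host that uses the same file."""
    return sorted(p for p, m in entries.items()
                  if "w" in m and p.startswith(SHARED_PREFIXES))


def jail_copy_set(entries: Dict[str, str]) -> List[str]:
    """Files a by-value chroot jail would have to duplicate: everything the
    profile only reads or executes from the shared tree."""
    return sorted(p for p, m in entries.items()
                  if "w" not in m and p.startswith(SHARED_PREFIXES))


# Constructed profile for a hypothetical daemon "exampled".
PROFILE = """\
/usr/sbin/exampled           rx
/lib/libc.so.6               r
/etc/exampled.conf           r
/var/lib/exampled/           rw
/usr/lib/exampled/plugins/   rw   # write access into the shared tree
"""

if __name__ == "__main__":
    e = parse_profile(PROFILE)
    print("writable shared paths:", shared_writes(e))
    print("files a chroot jail would copy:", jail_copy_set(e))
```

A profile whose `shared_writes` list is empty keeps the by-reference scheme at parity with a chroot jail on this point: the program can only damage its own private state.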