|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: gabriel rosenkoetter (gr
eclipsed.net)Date: Tue Jul 17 2001 - 09:36:56 CDT
On Fri, Jul 13, 2001 at 06:50:11PM -0400, Greg A. Woods wrote:
> I don't know if anyone's explored the possibilities of (ab)using
> networking services from within the chroot jail yet either....
Hrm.
That'd strike me as a bug in the network service in question more
than in our chroot(). Unless you're suggesting that chroot()ed
processes should not be allowed to use lo0 or connect to any local
device's registered IP addresses (this gets really fun with
multi-homed hosts).
While we're at it, shall chroot() disallow compromised services
running within a jail from attacking other hosts? Seems within the
same scope to me. (That is, I just don't think it's doable.)
--
~ g r eclipsed.net
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]