OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
NFR Wizards Archive: chroot useful?

chroot useful?

Claudio Telmon (claudiolink.it)
Sat, 08 Nov 1997 20:38:10 +0100

I always had some doubts about the real protection that a chrooted
environment can give. As you know, there is a lot of things that can be
done in this environment, supposing you can bring some binaries in it:
connect to other ports using the loopback interface, connect to internal
hosts etc. These days I was talking about this with a list member, so I
tried on a linux box to mount the /proc filesystem in a chrooted
environment, and it worked. I had immediate access to all the process
descriptors, filtering rules and all a hacker may dream to reach in a
system.
It seems to be actually obvious, since the proc filesystem is an
interface to the kernel, and the kernel is still there even in chroot.
My questions are:
1) Did I miss something so that my test is meaningless?
2) I used the chroot command, not the system call; could the problem be
a consequence of a buggy implementation of the command? Maybe I should
try using the system call in a C program...
3) Is the problem common on other systems with the proc file system?
4) I didn't try mknod, but it should work the same way, right?
And finally: if the above is correct, what's the usefulness of chroot,
besides giving some more trouble to the hacker?

Thanks

ciao

- Claudio

This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:09:48 CDT