NFR Wizards Archive: Re: chroot useful?

Re: chroot useful?


Paul McNabb (mcnabbargus-systems.com)
Fri, 14 Nov 1997 16:43:38 -0600


> From: Bernhard Schneck <Bernhard_Schneckgenua.de>
>
> In message <199711132205.RAA01373itd.nrl.navy.mil> you write:
> > I was under the impression that running the chroot() command on a UNIX
> > box would make it impossible for all subsequently launched programs to
> > access files located above the newly defined root point, even if such
> > programs are launched with a UID of 0. [...]
>
> Probably most members of this list know already (or why would this
> be a ``wizards'' list :-), but the usual unix/posix system call
> specifications *require* a way to break out of a chroot environment
> (at least for root).
>
> So either don't trust chroot, or don't be posix.

However, on Unix systems using privilege instead of root, a process
with UID=0 is treated like any other process in terms of chroot().
With the Argus stuff, the privilege to override for chroot is separate
from all others, so you can in fact use chroot for isolation.

Of course with B-level security or capabilities (such as Decaf) you
can remove files and directories from the domain of a process, but
this is based on access control rather than namespace modification.

paul

---------------------------------------------------------
Paul McNabb Argus Systems Group, Inc.
Vice President and CTO 1809 Woodfield Drive
mcnabbargus-systems.com Savoy, IL 61874 USA
TEL 217-355-6308
FAX 217-355-1433 "Securing the Future"
---------------------------------------------------------



This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:09:48 CDT