NFR Wizards Archive: Re: chroot useful?

Re: chroot useful?


Paul McNabb (mcnabb@argus-systems.com)
Fri, 14 Nov 1997 16:47:28 -0600


> Date: Fri, 14 Nov 1997 02:54:59 +0000
> From: "Steven M. Bellovin" <smb@research.att.com>
>
> >That is, chroot could be run to define the root point such that critical
> >files are inaccessible, and then the untrusted application would
> >subsequently be launched. Is this not correct?
>
> That was precisely my point -- that this opinion is not correct. There
> are numerous ways for root to break out of a chroot() "jail"; the simplest
> is to do mknod() to create new special device files for the real disks, and
> mount new file systems on those devices. Many other variants are possible
> as well.

Unless, again, your system allows you to prevent root from doing a mknod().
The use of capabilities and/or privileges can get around these mechanisms
that make chroot less secure. On Decaf'ed systems, processes running in
capability mode can't make the mknod() system call, even if the uid is 0.

paul

---------------------------------------------------------
Paul McNabb                    Argus Systems Group, Inc.
Vice President and CTO         1809 Woodfield Drive
mcnabb@argus-systems.com       Savoy, IL 61874 USA
                               TEL 217-355-6308
                               FAX 217-355-1433
"Securing the Future"
---------------------------------------------------------
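
A present-day Linux analogue of the point made in this thread, added here as an example and not part of the original message or of any Argus product: a jail launcher reads its effective capability set and refuses to chroot and exec while the capabilities behind the mknod()-and-mount escape are still held, even at uid 0. The Linux capability bit numbers and the function names (`parse_capeff`, `jail_escape_caps`, `jail_is_tight`) are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Linux capability bit numbers, as defined in <linux/capability.h>. */
#define CAPBIT_SYS_CHROOT 18 /* chroot(2) again from inside the jail */
#define CAPBIT_SYS_ADMIN  21 /* mount(2) a file system on a device node */
#define CAPBIT_MKNOD      27 /* mknod(2) device special files */
#define JAIL_ESCAPE_MASK ((1ULL << CAPBIT_SYS_CHROOT) | \
                          (1ULL << CAPBIT_SYS_ADMIN) | (1ULL << CAPBIT_MKNOD))

/* Parse the hex CapEff field from /proc/<pid>/status text; 0 on success. */
int parse_capeff(const char *status, uint64_t *out)
{
    const char *p = strstr(status, "CapEff:");
    char *end;
    if (p == NULL) return -1;
    p += strlen("CapEff:");
    *out = strtoull(p, &end, 16); /* skips the tab after the colon */
    return end == p ? -1 : 0;     /* no hex digits found */
}

/* Subset of `eff` that keeps the mknod + mount (or re-chroot) escape open. */
uint64_t jail_escape_caps(uint64_t eff) { return eff & JAIL_ESCAPE_MASK; }

/* Hypothetical launcher gate: 1 only if none of the three bits are held.
 * Fails closed when the field cannot be parsed. */
int jail_is_tight(const char *status)
{
    uint64_t eff;
    if (parse_capeff(status, &eff) != 0) return 0;
    return jail_escape_caps(eff) == 0;
}

int main(void)
{
    char buf[4096];
    size_t n;
    FILE *f = fopen("/proc/self/status", "r");
    if (f == NULL) { perror("/proc/self/status"); return 2; }
    n = fread(buf, 1, sizeof buf - 1, f);
    buf[n] = '\0';
    fclose(f);
    if (!jail_is_tight(buf)) {
        puts("refusing to chroot: mknod/mount/chroot capability still held");
        return 1;
    }
    puts("ok: CAP_MKNOD, CAP_SYS_ADMIN and CAP_SYS_CHROOT are not held");
    return 0;
}
```

The check covers only these three capabilities; a launcher would normally drop everything it does not need and use this as a final assertion before exec.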


