
Re: Task harden.



On Mon, Apr 02, 2001 at 09:28:16AM -0700, John H. Robinson, IV wrote:
> On Mon, Apr 02, 2001 at 11:42:11AM -0400, xsdg wrote:
> > > if this task-harden does ANYTHING at all it must get bind running in a
> > > chroot jail as named.named and not root.  
> > How can bind bind (no pun intended) to port 53 if it isn't root?
> 
> you use tcpserver to listen to port 53, which then spawns tinydns or
> dnscache (as required).
> 
> tinydns and dnscache both run in a chroot jail, as a non-root user.
> tcpserver.c is merely 426 lines long. all the files in the
> ucspi-tcp-0.88 tarball are 9151, making it possible to do a fairly
> complete audit for potential problems.

my bind configuration runs in a chroot jail as a non-root user as
well. 

as for dnscache and tcpserver they are non-free.  tell me when they
are free software and they can be considered.  it's also been said they
ignore RFCs, that isn't very good code.  

> if you are using BIND, then you deserve what you get.[1]

only if you configure them wrong, as in letting it run as root.  

> -john
> 
> [1] call me heartless and cruel, but i put sendmail, bind, and wu-ftpd
>     all in the ``please r00t me!'' category

sendmail can't be made to run non-root, neither can wu-ftpd, bind can
so its risk is significantly lowered when such is done in combination
with chroot.  the only way to get r00ted with a properly configured
bind installation is if you manage to find a way to make a fully
chrooted, fully unprivileged process break out of the chroot jail and
run a shell, and from there find some other local exploit.  this
strikes me as rather unlikely.  

-- 
Ethan Benson
http://www.alaska.net/~erbenson/
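
One way to check the setup discussed in this message (a name server running as a non-root user inside a chroot jail), as an added example that is not part of the original post: it audits Linux `/proc/<pid>/status` text and the target of the `/proc/<pid>/root` link. The sample status text, the numeric ids and the jail path `/var/lib/named` are constructed for illustration.

```python
"""Audit whether a daemon such as named is unprivileged and chrooted (Linux /proc)."""
import os

# Linux capability bit numbers that would let a process regain root or leave a jail.
# CAP_NET_BIND_SERVICE (bit 10) is deliberately not flagged: it only permits
# binding ports below 1024, which is what a DNS server on port 53 needs.
RISKY_CAPS = {7: "CAP_SETUID", 18: "CAP_SYS_CHROOT", 21: "CAP_SYS_ADMIN"}

def parse_status(text):
    """Return the 'Key: value' fields of a /proc/<pid>/status dump as a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def audit(status_text, root_link):
    """Return a list of findings; an empty list means the process looks confined."""
    fields = parse_status(status_text)
    findings = []
    # Uid/Gid lines hold the real, effective, saved and filesystem ids.
    # A saved id of 0 matters too: the process could switch back to root.
    for name in ("Uid", "Gid"):
        ids = [int(x) for x in fields.get(name, "0 0 0 0").split()]
        if 0 in ids:
            findings.append(f"{name} still contains 0 (root): {ids}")
    caps = int(fields.get("CapEff", "0"), 16)
    for bit, cap in RISKY_CAPS.items():
        if caps & (1 << bit):
            findings.append(f"effective capability {cap} retained")
    if root_link == "/":
        findings.append("process root is /, not a chroot jail")
    return findings

def audit_pid(pid):
    """Audit a live process; reading /proc/<pid>/root usually requires root."""
    with open(f"/proc/{pid}/status") as fh:
        status = fh.read()
    return audit(status, os.readlink(f"/proc/{pid}/root"))

# Constructed samples, not captured from a real host.
GOOD = "Name:\tnamed\nUid:\t105\t105\t105\t105\nGid:\t110\t110\t110\t110\nCapEff:\t0000000000000400\n"
BAD = "Name:\tnamed\nUid:\t0\t0\t0\t0\nGid:\t0\t0\t0\t0\nCapEff:\t000001ffffffffff\n"

if __name__ == "__main__":
    print(audit(GOOD, "/var/lib/named"))   # confined daemon: no findings
    for finding in audit(BAD, "/"):        # root daemon outside any jail
        print(finding)
```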
