[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: chroot

At 21:05 Uhr -0300 3.10.2001, Peter Cordes wrote:
 Yep, you can load modules, and you can run mknod(2) to make your own
/dev/hda, among other things.  These are blockable by removing capabilities,
though.  (At least, the modules attack is.)

I think another one is creating a [k]mem device (haven't tried it). Afaik, LIDS people had to introduce/implement a new capability to block direct memory access, which implies that on a normal kernel you can't prevent root from escaping chroot.

 Obscurity is not useless.  It is no good as your only defence, but combined
with solid security, obscurity makes an attackers job harder and more time
consuming.  If nothing else, it may well give you more time to see stuff
going on in the logs before the attacker breaks into anything where they can
do damage.

I guess it really depends on whether obscurity is used in a standard install (-> exploits are spread), or only in one particular install (that doesn't allow the use of some standard procedure).


Reply to: