Re: chroot

To: debian-security@lists.debian.org
Subject: Re: chroot
From: Peter Cordes <peter@llama.nslug.ns.ca>
Date: Wed, 3 Oct 2001 21:05:49 -0300
Message-id: <20011003210548.O5215@llama.nslug.ns.ca>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <200110010803.BAA27119@blars.org>
References: <20010924032741.B15557@dat.etsit.upm.es> <200110010803.BAA27119@blars.org>

On Mon, Oct 01, 2001 at 01:03:44AM -0700, Blars Blarson wrote:
> In article <20010924032741.B15557@dat.etsit.upm.es> jfs@computer.org writes:
> >	I am not sure everybody is aware of the "Securing Debian Manual"
> >which can be found at
> >http://www.debian.org/doc/manuals/securing-debian-howto/. In any case, I'm
> >asking for some help with this document due to the current overload of
> >information I'm suffering.
> 
> 
> One major problem I've noticed is it seems to perpetuate common
> misconseptions about chroot.  If you have root access in a chroot
> enviornment, it's quite possible to break out and take over the whole
> system.  (I've know of two ways off the top of my head, I'm sure there
> are others.) Giving untrusted code root access in a chroot enviornment
> is security by obscurity -- worthless against a determined attacker
> and the people setting it up are deluding themselves that their system
> are protected. 

 Yep, you can load modules, and you can run mknod(2) to make your own
/dev/hda, among other things.  These are blockable by removing capabilities,
though.  (At least, the modules attack is.)

> (Perhaps you should consider a section on "security by obscurity" and
> why it is useless.)

 Obscurity is not useless.  It is no good as your only defence, but combined
with solid security, obscurity makes an attackers job harder and more time
consuming.  If nothing else, it may well give you more time to see stuff
going on in the logs before the attacker breaks into anything where they can
do damage.

> Running non-root in a chroot enviornment does add a level of
> protection.  (You can't access world-readable files.)

 Also, you can't execute setuid binaries that aren't in the chroot, which
may have security problems with exploits known only to certain black-hats.

-- 
#define X(x,y) x##y
Peter Cordes ;  e-mail: X(peter@llama.nslug. , ns.ca)

"The gods confound the man who first found out how to distinguish the hours!
 Confound him, too, who in this place set up a sundial, to cut and hack
 my day so wretchedly into small pieces!" -- Plautus, 200 BCE

Reply to:

Follow-Ups:
- Re: chroot
  - From: Christian Jaeger <christian.jaeger@sl.ethz.ch>

References:
- chroot (was Re: Need Help with the Debian Securing Manual (contributions accepted))
  - From: Blars Blarson <blarson@blars.org>

Prev by Date: Whose problems?
Next by Date: RE: chroot
Previous by thread: RE: chroot (was Re: Need Help with the Debian Securing Manual (contributions accepted))
Next by thread: Re: chroot
Index(es):
- Date
- Thread