Re: pkgsel
Brandon Mitchell <bmitch@surfree.com> writes:
> On Sat, 27 Nov 1999, Jason Gunthorpe wrote:
>
> >
> > On Fri, 26 Nov 1999, Brandon Mitchell wrote:
> >
> > > And before you get the silly idea that chroot is secure, there is also
> > > "chroot /proc/1/root".
> >
> > Does that seriously work?? Do the kernel people know? Gah - that sucks!
>
> It's been around a long long time. Someone mentioned it years ago when I
> asked about making a secure chrooted area that someone could have root in
> without messing up my system. Of course you can disable proc, but then
> there is the whole /dev directory, think /dev/hda. I'm sure there are
> ways to make it secure, but you can't have anywhere near a fully
> functional linux install too. I suppose hardware set in a read only mode
> can eliminate some of the possible damage. If on the other hand they
> aren't root, then there are no worries. You can't see /proc/1/root. You
> can't create setuid binaries. So now you make a secure install and have
> the file system privacy you normally get with separate machines.
>
> Brandon
If you are rot, you can edit kmem/kcore and just replace the root
inode pointer in your shells task structure to point at the real root
inode instead of the chroot one. After that your out of the chroot
again.
The remaining question is: How likely is it that someone tries and
succeeds and how long does it take him?
If you know that you will need to unchroot and you know about the
kernel in use you can probably write an unchroot within a day in
advance and be out of a chroot within seconds.
chroot and root or user executable chroot and proc filesystem will
kill all the security gained by chroot.
May the Source be with you.
Goswin
--
To UNSUBSCRIBE, email to debian-testing-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to:
- References:
- Re: pkgsel
- From: Brandon Mitchell <bmitch@surfree.com>