Re: [linux-security] Re: Chrooting bind 8.1.2 under debian 2.0

[Filipe Jorge Marques de Almeida <fjcfma@camoes.rnl.ist.utl.pt>]

On Fri, Jul 17, 1998 at 11:30:32AM +0300, Cougar wrote:
> What this chroot gives You? Actually this is protection against simple
> exec("/bin/sh") but every cracker may put chroot("/") before this and all
> the protection is destroyed.
> 
> [mod: It is slightly less trivial than 'chroot("/")', but if you can
> execute arbitrary code as root, you can break out of the chrooted
> environment. --REW]
>
	Yes, but at least the lastest version of bind has the option to drop
root prevs after opening the socket.
> My idea is to run named non-root UID/GID. As named needs to bind port 53
> which is below 1024 there are problem to execute it. One solution is to
> rewrite named code (like httpd) another is to make the hole into the
> kernel. Both are nonstandard solutions. There are also possible to use
> some portwrapper/redir. Does anyone use some of these?
	You can use the kernel firewall for this, but in this case, has in
most cases, there is no need.

--
						Filipe Marques de Almeida


--  
Unsubscribe?  mail -s unsubscribe debian-user-request@lists.debian.org < /dev/null