Re: [linux-security] Re: Chrooting bind 8.1.2 under debian 2.0



>On Tue, 14 Jul 1998, Carlos Barros wrote:
>
>> On Tue, 14 Jul 1998, cfb wrote:
>>
>>   > The main problem seems to be with the way that debian starts bind using
>>   > the script /etc/init.d/bind.  I thought it would be really neat to just
>>   > change the #!/bin/sh at the top of the script to something like :
>>   >    #!/usr/sbin/chroot /chroot-dns/ /bin/sh
>>   > or
>>   >    #!/usr/sbin/chroot /chroot-dns/ /chroot-dns/bin/sh
>>
>>
>> try changing only the line that starts the bind daemon, e.g.:
>>
>> chroot /chroot-dns/ /bin/named
>
>What does this chroot give you? Actually this is protection against simple
>exec("/bin/sh") but every cracker may put chroot("/") before this and all
>the protection is destroyed.


use the -u and -g to set the UID/GID.
http://redhat-security.seifried.org/
tells all =)

>[mod: It is slightly less trivial than 'chroot("/")', but if you can
>execute arbitrary code as root, you can break out of the chrooted
>environment. --REW]
>
>My idea is to run named as a non-root UID/GID. As named needs to bind port 53,
>which is below 1024, there is a problem executing it. One solution is to
>rewrite the named code (like httpd); another is to make a hole in the
>kernel. Both are nonstandard solutions. It is also possible to use
>some portwrapper/redir. Does anyone use some of these?
>
>[mod: Patches are floating around. -- REW]
>---
>Cougar


-seifried
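
Added example, not part of the original message or of BIND: a shell check for the two properties the thread discusses, a changed root directory and non-root UID/GID, read from a daemon's /proc entry on Linux. The function name `audit_confinement` is hypothetical, and reading another user's `/proc/PID/root` link is assumed to be done as root.

```shell
#!/bin/sh
# Classify how a running daemon is confined, from its /proc entry.
# Usage: audit_confinement PROCDIR PID    (PROCDIR is normally /proc)
# Prints one of: confined | chroot-only | uid-only | unconfined
audit_confinement() {
    procdir=$1
    pid=$2
    status="$procdir/$pid/status"
    [ -r "$status" ] || { echo "error: cannot read $status" >&2; return 2; }

    # /proc/PID/root is a symlink to the process's root directory;
    # "/" means the process was never chrooted.
    root=$(readlink "$procdir/$pid/root") || {
        echo "error: cannot read root link" >&2; return 2; }

    # The "Uid:" and "Gid:" lines carry real, effective, saved and fs IDs.
    # A zero UID in any slot means root is held or can be regained;
    # GID 0 is flagged as well, since -g exists to drop it.
    ids=$(awk '/^(Uid|Gid):/ { print $2, $3, $4, $5 }' "$status")
    has_root=no
    for id in $ids; do
        if [ "$id" -eq 0 ]; then has_root=yes; fi
    done

    if [ "$root" != "/" ] && [ "$has_root" = no ]; then
        echo confined        # chrooted and unprivileged
    elif [ "$root" != "/" ]; then
        echo chroot-only     # root inside a chroot can still break out
    elif [ "$has_root" = no ]; then
        echo uid-only        # unprivileged but sees the whole filesystem
    else
        echo unconfined
    fi
}
```

On a live system this would be called as `audit_confinement /proc "$(pidof named)"`; anything other than `confined` means one of the two layers is missing.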

