Re: exiting chroot()

From: Måns Rullgård (mru_at_kth.se)
Date: 12/17/03


Date: Wed, 17 Dec 2003 21:09:46 +0100

dagon@dagon.net (Mark Rafn) writes:

>>Barry Margolin <barmar@alum.mit.edu> writes:
>>> As long as it limits ordinary users properly, I think it's a reasonable
>>> security mechanism.
>
> In article <yw1xu13znwzg.fsf@kth.se>, Måns Rullgård <mru@kth.se> wrote:
>>There appears to be a wide-spread misconception that even root has to
>>stay put inside a chroot.
>
> True, but you can just say that, rather than making the sweeping claim
> that chroot is useless or worse.
>
> Chroot does not add security to root-owned processes on most OSes. It
> DOES add quite a lot of security to non-root processes, and perhaps to root
> processes on some OSes.
>
> I generally think of it as a way to make local privilege-escalation exploits
> much less likely. This is far from useless, and I highly recommend using
> chroot for this purpose.

chroot can prevent an unprivileged process from using (bugs in) other
programs, outside the chroot, to gain root privileges. If it somehow
manages to escalate its privileges inside the chroot (through a kernel
bug, or by using another program on the inside), it can easily get out
and start doing mischief. Proper use of chroot can possibly stop a
privilege escalation from happening, but it can't do anything to limit
the effects once it has happened.

-- 
Måns Rullgård
mru@kth.se
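The point above (chroot restricts an unprivileged process, but a process that is still root can leave) is why the usual pattern is chroot, then an irreversible drop to an unprivileged uid/gid, then a check that root cannot be regained. The following is an added example, not code from the post or its author; the directory path and uid/gid 65534 are constructed placeholders, and the work is done in a forked child so the caller's process is left untouched.

```c
#define _DEFAULT_SOURCE 1
/* Added example: chroot followed by an irreversible privilege drop,
 * run in a forked child so the calling process is untouched.
 * Assumptions (not from the original post): the target directory
 * exists and uid/gid 65534 is an unprivileged account such as nobody. */
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

enum { CONFINE_OK = 0, CONFINE_ERR_TARGET = 1, CONFINE_ERR_CHROOT = 2,
       CONFINE_ERR_CHDIR = 3, CONFINE_ERR_DROP = 4, CONFINE_ERR_REGAIN = 5,
       CONFINE_ERR_FORK = 6 };

/* "Dropping" to uid 0 or gid 0 drops nothing: refuse it up front. */
int is_safe_target(uid_t uid, gid_t gid) { return uid != 0 && gid != 0; }

/* Runs in the child: chroot, move the cwd inside the new root, then drop
 * privileges in the only order that works (supplementary groups, gid, uid). */
static int confine_child(const char *root, uid_t uid, gid_t gid) {
    if (!is_safe_target(uid, gid)) return CONFINE_ERR_TARGET;
    if (chroot(root) != 0) return CONFINE_ERR_CHROOT;   /* needs CAP_SYS_CHROOT */
    if (chdir("/") != 0) return CONFINE_ERR_CHDIR;      /* cwd must be inside */
    if (setgroups(0, NULL) != 0) return CONFINE_ERR_DROP;
    if (setgid(gid) != 0 || setuid(uid) != 0) return CONFINE_ERR_DROP;
    /* Irreversibility check: with no saved root uid left, setuid(0) must fail. */
    if (setuid(0) == 0 || geteuid() != uid || getegid() != gid)
        return CONFINE_ERR_REGAIN;
    return CONFINE_OK;
}

/* Forks, confines the child, and reports the child's result code.
 * An unprivileged caller gets CONFINE_ERR_CHROOT, since chroot(2) is root-only. */
int confine_and_probe(const char *root, uid_t uid, gid_t gid) {
    pid_t pid = fork();
    if (pid < 0) return CONFINE_ERR_FORK;
    if (pid == 0) _exit(confine_child(root, uid, gid));
    int status = 0;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return CONFINE_ERR_FORK;
    return WEXITSTATUS(status);
}

int main(void) {
    /* constructed values: an empty directory and the nobody uid/gid */
    int rc = confine_and_probe("/var/empty", 65534, 65534);
    printf("confine result: %d (0 = chrooted and privileges dropped)\n", rc);
    return rc;
}
```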
