Re: Breaking out of chroot

From: Måns Rullgård (mru_at_users.sourceforge.net)
Date: 08/25/03

    Date: Mon, 25 Aug 2003 18:26:58 +0200
    
    

    Floyd Davidson <floyd@barrow.com> writes:

    > mru@users.sourceforge.net (Måns Rullgård) wrote:
    >>Admittedly, the risk of having a buggy program inside the
    >>chroot is smaller ...
    >
    > ...
    >
    >>I only showed that chroot is useless
    >>for this purpose.
    >
    > It seems you've shown that it is *useful* for that purpose.

    How is that? Any non-zero risk for breach of security should be
    considered as 100%. If there's a way, someone will find it, if
    motivated. Putting things in a chroot environment for protection is
    only false security, which often is worse than no security at all.

    -- 
    Måns Rullgård
    mru@users.sf.net
    
