Re: Breaking out of chroot

From: Tim Haynes (usenet-20030825_at_stirfried.vegetable.org.uk)
Date: 08/25/03


Date: Mon, 25 Aug 2003 18:33:21 +0100


[Bad netiquette of unannounced f-up ignored]

mru@users.sourceforge.net (Måns Rullgård) writes:

[snip]
>> It seems you've shown that it is *useful* for that purpose.
>
> How is that? Any non-zero risk for breach of security should be
> considered as 100%.

Says, erm, you...

> If there's a way, someone will find it, if motivated. Putting things in a
> chroot environment for protection is only false security, which often is
> worse than no security at all.

To execute the posted code-snippet, you'd need to be able to get root in
the chroot jail and somehow to compile C. Normally, the point of a chroot
jail is that you *don't* have large amounts of extra crud lying around.

Nothing is ever 100% secure, so you have to take what measures you can to
raise the hurdle above your cracker's cost-effectiveness threshold - and
that includes chrooting things into separate little bubbles within the
universe wherever reasonable.

ObSomething-nix: the code-snippet also relied on being able to call
chroot() from within a chroot-jail. Folks over in the linux camp have the
GRSecurity patches at their disposal, which tighten against exactly this
kind of attempted attack.

~Tim

-- 
There can be only one!                      |piglet@stirfried.vegetable.org.uk
                                            |http://spodzone.org.uk/
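
Added example, not part of the original post: a C routine for the jail setup the reply's argument assumes, where the process gives up root right after chroot() so that code running inside the jail can neither call chroot() again nor get uid 0 back. The function name, the error codes and the unprivileged id 65534 are assumptions made for illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE          /* exposes chroot() and setgroups() on glibc */
#endif
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Illustrative error codes: one per stage, so a failure names the step. */
enum { JAIL_OK = 0, JAIL_E_ROOT_TARGET = -1, JAIL_E_CHDIR = -2,
       JAIL_E_CHROOT = -3, JAIL_E_GROUPS = -4, JAIL_E_GID = -5,
       JAIL_E_UID = -6, JAIL_E_REGAIN = -7 };

/* Confine the calling process to dir and drop root permanently.
   Must be called as root; returns JAIL_OK or the stage that failed. */
int jail_and_drop(const char *dir, uid_t uid, gid_t gid)
{
    /* Keeping uid or gid 0 inside the jail defeats the purpose: refuse. */
    if (uid == 0 || gid == 0) return JAIL_E_ROOT_TARGET;

    /* chdir first, so the working directory is inside the new root. */
    if (chdir(dir) != 0)  return JAIL_E_CHDIR;
    if (chroot(".") != 0) return JAIL_E_CHROOT;
    if (chdir("/") != 0)  return JAIL_E_CHDIR;

    /* Order matters: supplementary groups, then gid, then uid.
       After setuid() the process can no longer change its groups. */
    if (setgroups(0, NULL) != 0) return JAIL_E_GROUPS;
    if (setgid(gid) != 0)        return JAIL_E_GID;
    if (setuid(uid) != 0)        return JAIL_E_UID;

    /* Check the drop took effect and cannot be undone. */
    if (setuid(0) == 0 || getuid() == 0 || geteuid() == 0 || getgid() == 0)
        return JAIL_E_REGAIN;
    return JAIL_OK;
}

int main(int argc, char **argv)
{
    if (argc != 2) { fprintf(stderr, "usage: %s <jail-dir>\n", argv[0]); return 2; }
    int rc = jail_and_drop(argv[1], 65534, 65534);  /* 65534: assumed unprivileged id */
    if (rc != JAIL_OK) { fprintf(stderr, "jail setup failed at stage %d\n", rc); return 1; }
    /* The confined service would start here, as a non-root user. */
    return 0;
}
```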

