Re: Breaking out of chroot
From: Tim Haynes (usenet-20030826_at_stirfried.vegetable.org.uk)
Date: 08/26/03
- Previous message: Floyd Davidson: "Re: What protects Unices from Virus like attacks ??"
- In reply to: Floyd Davidson: "Re: Breaking out of chroot"
- Next in thread: Gianni Mariani: "Re: What protects Unices from Virus like attacks ??"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Tue, 26 Aug 2003 00:22:47 +0100
Floyd Davidson <floyd@barrow.com> writes:
> Exploits using resources that you aren't making available do not result
> in security breaches.
Yes, but it leaves one gap to consider: say, for example, I run bind9 -t
-u, which effects a chroot and setuid() to someone unprivileged; now, if I
see a snort signature for a known bind exploit, how do I test the integrity
of the box? Worse, if I see something successfully breaking into bind9, how
do I guarantee the *rest* of the box wasn't breached outside the jail, ie
that someone didn't break the jail?
ISTM this would be a valuable skill to enhance, anyway.
~Tim
-- Bag*** gave a big yawn, |piglet@stirfried.vegetable.org.uk and settled down to sleep. |http://spodzone.org.uk/
- Previous message: Floyd Davidson: "Re: What protects Unices from Virus like attacks ??"
- In reply to: Floyd Davidson: "Re: Breaking out of chroot"
- Next in thread: Gianni Mariani: "Re: What protects Unices from Virus like attacks ??"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
