Date: Tue, 15 Dec 1998 18:50:51 +0200
From: Mark Murray <mark@grondar.za>
To: Joe Abley <jabley@clear.co.nz>
Cc: Matthew Dillon <dillon@apollo.backplane.com>, Kevin Day <toasty@home.dragondata.com>, freebsd-current@FreeBSD.ORG
Subject: Re: modification to exec in the kernel?
Message-ID: <199812151650.SAA68842@greenpeace.grondar.za>
In-Reply-To: Your message of "Wed, 16 Dec 1998 05:37:01 +1300." <19981216053701.B27078@clear.co.nz>
References: <19981215120357.B11837@clear.co.nz> <199812142331.RAA17203@home.dragondata.com> <19981215124818.A22526@clear.co.nz> <199812150644.IAA67338@greenpeace.grondar.za> <199812150917.BAA52694@apollo.backplane.com> <19981216053701.B27078@clear.co.nz>

Joe Abley wrote:
> So how is this more dangerous than a non-chrooted environment? Surely it
> is _as_ safe - but with the added control that the user sees an appropriate
> subset of the entire filesystem that is controlled, regardless of what the
> system as a whole needs to have installed in order to function?

You give the user Perl5, you may as well give them a C compiler. They'll
have full access to sockets etc. Who knows what nasty attacks they can
launch against you from inside your own network. By assuming it is safe,
you are mainly deluding yourself.

Given that the chroot'ed environment is "sanitised", it becomes easy to
control (within its limits) and understand. I am not proposing
security-by-obscurity here, just that you either make it "UNIX" and go with
that warts-and-all (security patrols necessary), or make it tighter than a
mouse's arse (and non-useful to scriptwriters).

We (an ISP) have constructed a non-chroot, noexec, no C-compiler,
no-questions-asked box, and we still recognise the need to patrol. It works
well, as long as the human intervention is recognised.

Oh - while you are building this box - make sure that suidperl is not on
board. :-)

M
--
Mark Murray
Join the anti-SPAM movement: http://www.cauce.org
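
Part of the "patrol" the message calls for can be scripted. The following is an added example, not part of the original message or thread: a POSIX shell function that walks a user-visible tree and reports setuid/setgid files plus Perl and C compiler binaries. The function name `audit_tree` and the list of tool names are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the original message): a "patrol" check for a
# restricted shell box. The tool-name list is an assumption; extend to taste.

# audit_tree ROOT
#   prints one finding per line ("SETID <path>" or "TOOL <path>")
#   returns 0 if the tree is clean, 1 if anything was found, 2 on bad input
audit_tree() {
    root=$1
    if [ ! -d "$root" ]; then
        echo "audit_tree: not a directory: $root" >&2
        return 2
    fi

    findings=$(
        # Setuid or setgid regular files; suidperl is caught here by mode.
        find "$root" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print |
            sed 's/^/SETID /'

        # Perl and C compilers by file name (files or symlinks), whatever
        # their mode: on a noexec mount an interpreter still runs scripts.
        find "$root" -xdev \( -type f -o -type l \) \
            \( -name perl -o -name 'perl5*' -o -name suidperl \
               -o -name 'sperl*' -o -name cc -o -name gcc \) -print |
            sed 's/^/TOOL /'
    )

    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Stand-alone use: audit the tree named on the command line.
if [ "$#" -gt 0 ]; then
    audit_tree "$1"
fi
```

Run from cron against the directories users can reach, a non-zero exit status is the cue for the human follow-up.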