Date:      Sun, 3 Nov 1996 19:27:55 -0800
From:      Don Lewis <Don.Lewis@tsc.tdk.com>
To:        Poul-Henning Kamp <phk@critter.tfs.com>, Marc Slemko <marcs@znep.com>
Cc:        Don Lewis <Don.Lewis@tsc.tdk.com>, Dev Chanchani <dev@trifecta.com>, freebsd-security@FreeBSD.ORG
Subject:   Re: chroot() security
Message-ID:  <199611040327.TAA10276@salsa.gv.ssi1.com>
In-Reply-To: Poul-Henning Kamp <phk@critter.tfs.com> "Re: chroot() security" (Nov  2, 10:38am)

On Nov 2, 10:38am, Poul-Henning Kamp wrote:
} Subject: Re: chroot() security
} In message <Pine.BSF.3.95.961101225850.22655K-100000@alive.ampr.ab.ca>,
} Marc Slemko writes:
} >Yup, you certainly can add checks and in theory you should be able to plug
} >all the holes IF you can find them.  My bet is that you won't be able to
} >find them, so you can't make it secure.
} 
} One simple way is to disallow processes that have any *uid == 0 in the
} chroot tree.   I did this once by comparing the rootfs pointer to that
} of pid == 1 and if it was different and one of the uid's were zero
} I killed the process.
} 
} The few operations that needed to do root things, sent a message over
} a tcp pipe to a local process that would examine what process was at the
} other end of the pipe and do the stuff to it if it made sense.  That
} daemon ran outside the chroot env.

I'm not convinced this is more secure.  It may be possible for the chroot()ed
process to trick the non-chroot()ed process into doing something bad, perhaps
by following a /some/path/outside/chroot symlink that the chroot()ed process
created in the chroot() environment.  If the root process was also chroot()ed,
then the damage it does would be contained within that environment, unless
it could be tricked into executing arbitrary code (via a buffer overflow exploit, etc.)
to get it out of that environment.  If the latter is possible, then you're
already in deeper yogurt if the root process is not chroot()ed.

			---  Truck
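
Added example (not part of the original message): one way a privileged helper running outside the chroot could open a client-supplied path so that a symlink planted inside the tree cannot redirect it, as the reply above warns. The names `open_beneath` and `demo` and the sample tree are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open rel beneath the trusted directory root, one component at a time.
 * Absolute paths and ".." are refused, and O_NOFOLLOW makes each step fail
 * on a symlink, so nothing planted inside the tree can redirect the open.
 * flags must not contain O_CREAT (no mode argument is passed). */
int open_beneath(const char *root, const char *rel, int flags)
{
    char buf[PATH_MAX], *save = NULL;
    if (rel[0] == '/' || strlen(rel) >= sizeof buf) { errno = EINVAL; return -1; }
    strcpy(buf, rel);
    int dirfd = open(root, O_RDONLY | O_DIRECTORY);
    for (char *c = strtok_r(buf, "/", &save); dirfd >= 0 && c != NULL; ) {
        char *next = strtok_r(NULL, "/", &save);
        int fd = -1, err = EACCES;
        if (strcmp(c, "..") != 0) {
            fd = openat(dirfd, c, (next ? O_RDONLY | O_DIRECTORY : flags) | O_NOFOLLOW);
            err = errno;
        }
        close(dirfd);          /* the parent handle is no longer needed */
        errno = err;
        dirfd = fd;
        c = next;
    }
    return dirfd;              /* fd of the final component, or -1 */
}

/* Constructed sample tree: secret.txt sits outside jail/, while jail/evil and
 * jail/up are symlinks pointing out of it. Returns 1 if rel opened, 0 if refused. */
int demo(const char *rel)
{
    static int ready;
    char tmp[] = "/tmp/chroot-demo-XXXXXX";
    if (!ready) {
        if (!mkdtemp(tmp) || chdir(tmp) || mkdir("jail", 0700) || mkdir("jail/data", 0700)
            || symlink("../secret.txt", "jail/evil") || symlink("..", "jail/up")) return -1;
        close(creat("secret.txt", 0600));
        close(creat("jail/data/ok.txt", 0600));
        ready = 1;
    }
    int fd = open_beneath("jail", rel, O_RDONLY);
    if (fd >= 0) close(fd);
    return fd >= 0;
}
```

Newer kernels can enforce the same rule in a single call: `O_RESOLVE_BENEATH` on FreeBSD 13 and later, `openat2()` with `RESOLVE_BENEATH` on Linux 5.6 and later.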
