Date:      Thu, 22 Feb 2001 19:28:05 -0800
From:      Kris Kennaway <kris@obsecurity.org>
To:        Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: Bind problems
Message-ID:  <20010222192805.A12575@mollari.cthul.hu>
In-Reply-To: <200102222330.f1MNU7e64567@cwsys.cwsent.com>; from Cy.Schubert@uumail.gov.bc.ca on Thu, Feb 22, 2001 at 03:29:48PM -0800
References:  <20010222134703.A7745@mollari.cthul.hu> <200102222330.f1MNU7e64567@cwsys.cwsent.com>

On Thu, Feb 22, 2001 at 03:29:48PM -0800, Cy Schubert - ITSD Open Systems Group wrote:

> > Even running in a chroot or jail only goes so far, because they can
> > still run arbitrary code on the system as that user and use it to
> > e.g. launch DDoS attacks, run an rc5des client, you name it :)
> 
> I think you can mitigate or even eliminate that possibility.  First, 
> make all files and directories in the chrooted environment writable by root 
> only, except for named's log directory and the directory it places its 
> named.pid file.  Next, union or nullfs mount with the noexec option the 
> directories where all of the named logs and pid file are written.
> 
> The worst that could happen is that the intruder could fill your disk.

No, they still get the ability to run arbitrary code because they
compromise a running process and take over its execution context.  The
attacker just needs to upload the code into the process's memory
space, instead of loading it from disk.

Kris
