Date:      Sat, 02 Nov 1996 10:38:15 +0100
From:      Poul-Henning Kamp <phk@critter.tfs.com>
To:        Marc Slemko <marcs@znep.com>
Cc:        Don Lewis <Don.Lewis@tsc.tdk.com>, Dev Chanchani <dev@trifecta.com>, freebsd-security@freebsd.org
Subject:   Re: chroot() security 
Message-ID:  <4441.846927495@critter.tfs.com>
In-Reply-To: Your message of "Fri, 01 Nov 1996 23:38:23 MST." <Pine.BSF.3.95.961101225850.22655K-100000@alive.ampr.ab.ca> 

In message <Pine.BSF.3.95.961101225850.22655K-100000@alive.ampr.ab.ca>, Marc Slemko writes:
>On Fri, 1 Nov 1996, Don Lewis wrote:
>
>> You can add various checks to the kernel to keep chroot()ed processes
>> from doing a lot of these things, but there is one deadly exploit that
>> someone posted to this list back in September.  By the clever use of
>> chroot() and chdir(), it is possible for a root process to waltz out
>> of a chroot()ed environment.  I don't know of a clean way of plugging
>> that hole.
>> 
>> BTW, thanks for mentioning ptrace().  I hadn't thought of that one.
>
>Yup, you certainly can add checks and in theory you should be able to plug
>all the holes IF you can find them.  My bet is that you won't be able to
>find them, so you can't make it secure.

One simple way is to disallow processes that have any *uid == 0 in the
chroot tree.   I did this once by comparing the rootfs pointer to that
of pid == 1 and if it was different and one of the uids was zero
I killed the process.

The few operations that needed to do root things sent a message over
a tcp pipe to a local process that would examine what process was at the
other end of the pipe and do the stuff to it if it made sense.  That
daemon ran outside the chroot env.

Sorry, can't give you the code, somebody paid me to do it.

--
Poul-Henning Kamp           | phk@FreeBSD.ORG       FreeBSD Core-team.
http://www.freebsd.org/~phk | phk@login.dknet.dk    Private mailbox.
whois: [PHK]                | phk@ref.tfs.com       TRW Financial Systems, Inc.
Future will arrive by its own means, progress not so.
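
The check described in the message above, as an added example that is not part of the original e-mail and not the author's code: a userland audit that lists processes whose root directory differs from PID 1's while any of their uids is 0. It assumes a Linux-style /proc (the `root` link and the `Uid:` line in `status`); the function names are hypothetical.

```python
import os

def root_identity(proc, pid):
    """(device, inode) of the directory a process uses as '/'."""
    # os.stat follows the /proc/<pid>/root link to the directory itself.
    st = os.stat(os.path.join(proc, str(pid), "root"))
    return (st.st_dev, st.st_ino)

def uids(proc, pid):
    """Real, effective, saved and filesystem uid from the status file."""
    with open(os.path.join(proc, str(pid), "status")) as fh:
        for line in fh:
            if line.startswith("Uid:"):
                return [int(x) for x in line.split()[1:]]
    return []

def chrooted_root_processes(proc="/proc"):
    """PIDs whose root differs from PID 1's and that hold any uid 0."""
    init_root = root_identity(proc, 1)
    hits = []
    for name in os.listdir(proc):
        if not name.isdigit() or name == "1":
            continue
        pid = int(name)
        try:
            if root_identity(proc, pid) != init_root and 0 in uids(proc, pid):
                hits.append(pid)
        except OSError:
            continue  # process exited, or its entries are not readable
    return sorted(hits)

if __name__ == "__main__":
    # Needs enough privilege to read other processes' root links.
    for pid in chrooted_root_processes():
        print(pid)
```

Processes in a container with their own mount namespace also have a root different from PID 1's, so they appear in the output as well.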
