From: Tony Finch
To: current@FreeBSD.ORG
Subject: Re: modification to exec in the kernel?
Date: Wed, 16 Dec 1998 15:55:55 +0000
Newsgroups: chiark.mail.freebsd.current
Organization: Deliberate Obfuscation To Amuse Tony
In-Reply-To: <199812151650.SAA68842@greenpeace.grondar.za>
References: <19981215120357.B11837@clear.co.nz> <199812142331.RAA17203@home.dragondata.com> <19981215124818.A22526@clear.co.nz> <199812150644.IAA67338@greenpeace.grondar.za> <199812150917.BAA52694@apollo.backplane.com> <19981216053701.B27078@clear.co.nz>

Mark Murray wrote:
>Joe Abley wrote:
>> So how is this more dangerous than a non-chrooted environment? Surely it
>> is _as_ safe - but with the added control that the user sees an appropriate
>> subset of the entire filesystem that is controlled, regardless of what the
>> system as a whole needs to have installed in order to function?
>
>You give the user Perl5, you may as well give them a C compiler.
>They'll have full access to sockets etc. Who knows what nasty
>attacks they can launch against you from inside your own network.

I think some sort of firewalling is the answer here.

>Given that the chroot'ed environment is "sanitised", it becomes
>easy to control (within its limits) and understand. I am not
>proposing security-by-obscurity here, just that you either make it
>"UNIX" and go with that warts-and-all (security patrols necessary),
>or make it tighter than a mouse's arse (and non-useful to
>scriptwriters).

Depends on the script -- if the only executable you allow the users
access to is perl it's still a useful environment.

Tony.
-- 
f.a.n.finch.523654357374743743747333764375697569700  fanf@demon.net  dot@dotat.at
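The "full access to sockets etc." point in the exchange above, as an added illustration that is not part of the original thread or of any poster's code: chroot(2) confines the filesystem view but does nothing to the socket layer, so an account whose only executable is /usr/bin/perl can still reach hosts on the inside of the network. The script below is the sort of thing such a user could run. The target address (192.0.2.10, a documentation range) and the port list are placeholders; it assumes a Perl 5 with the core IO::Socket::INET module and no network filtering between the chroot and the target.

```perl
#!/usr/bin/perl
# Added example, not from the thread: a TCP connect probe that needs
# nothing but perl itself. chroot(2) does not restrict socket(2) or
# connect(2), so this works unchanged inside a "sanitised" chroot.
use strict;
use warnings;
use IO::Socket::INET;

# Placeholder target (RFC 5737 TEST-NET-1) and a small default port list.
my $target = shift(@ARGV) || '192.0.2.10';
my @ports  = @ARGV ? @ARGV : (22, 25, 80, 110, 143);

# Attempt a full TCP connect to each port, with a short timeout so a
# filtered port does not stall the scan.
for my $port (@ports) {
    my $sock = IO::Socket::INET->new(
        PeerAddr => $target,
        PeerPort => $port,
        Proto    => 'tcp',
        Timeout  => 2,
    );
    if ($sock) {
        printf "%s:%d open\n", $target, $port;
        close $sock;
    }
    else {
        # $@ carries IO::Socket's reason (timeout, refused, unreachable).
        printf "%s:%d closed or filtered (%s)\n", $target, $port, $@ || $!;
    }
}
```

Run it as `perl probe.pl 192.0.2.10 22 80` from inside the chroot; every port it reports open is a host the jailed user can talk to. That is the gap the "some sort of firewalling" remark refers to: the restriction has to come from packet filtering on the traffic the chroot's processes originate, because the chroot itself imposes none.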