Date:      Wed, 29 Nov 1995 16:24:27 +0100
From:      Poul-Henning Kamp <phk@critter.tfs.com>
To:        "Andrew V. Stesin" <stesin@elvisti.kiev.ua>
Cc:        security@FreeBSD.ORG
Subject:   Re: chroot/setuid vs type enforcement (fwd) 
Message-ID:  <423.817658667@critter.tfs.com>
In-Reply-To: Your message of "Wed, 29 Nov 1995 12:01:31 +0200." <199511291001.MAA15889@office.elvisti.kiev.ua>

> Here are interesting thoughts about hardening security of chrooted
> environment...
> 
> # 	Let's examine one possibility. Suppose I am using chroot() to
> # protect my firewall. And the argument I want to make is that I want
> # to be sure, for sure, that nobody can tweak a buffer overrun and
> # call a socket from inside the chrooted area.

Amongst other things in this context you need to spoof/handle:

	the actual pid of "PID==1", since you don't want them
	to send weird signals to init.

	/dev  you probably don't even want them to be able to do a
	mknod...
	
--
Poul-Henning Kamp           | phk@FreeBSD.ORG       FreeBSD Core-team.
http://www.freebsd.org/~phk | phk@login.dknet.dk    Private mailbox.
whois: [PHK]                | phk@ref.tfs.com       TRW Financial Systems, Inc.
Future will arrive by its own means, progress not so.
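
Added example, not part of the original message: a small self-check a defender can run from inside a chroot to see whether the two gaps named above are open, that is, whether init (PID 1) is visible or signalable and whether device nodes can be created. The function names and the probe file name are hypothetical, and device number 0 is a placeholder used only to test permission.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* 1 if `pid` names a process we can see, 0 if not. Signal 0 delivers
 * nothing; the kernel only runs its existence and permission checks. */
int pid_visible(pid_t pid)
{
    if (kill(pid, 0) == 0)
        return 1;              /* exists and we are allowed to signal it */
    return errno == EPERM;     /* exists, but signalling is refused */
}

/* 1 only if a real signal to `pid` would be accepted. */
int pid_signalable(pid_t pid)
{
    return kill(pid, 0) == 0;
}

/* 1 if a character device node can be created in `dir`, 0 if the kernel
 * refuses, -1 on any other error. The probe node is removed again. */
int can_mknod(const char *dir)
{
    char path[4096];
    int n = snprintf(path, sizeof path, "%s/.mknod_probe_%ld",
                     dir, (long)getpid());
    if (n < 0 || (size_t)n >= sizeof path)
        return -1;
    if (mknod(path, S_IFCHR | 0600, 0) == 0) {   /* placeholder device 0 */
        unlink(path);
        return 1;
    }
    return (errno == EPERM || errno == EACCES || errno == EROFS) ? 0 : -1;
}

int main(void)
{
    /* chroot() changes the filesystem root only; process IDs stay shared. */
    printf("init visible:    %d\n", pid_visible(1));
    printf("init signalable: %d\n", pid_signalable(1));
    printf("mknod in cwd:    %d\n", can_mknod("."));
    return 0;
}
```

For a tightly confined service all three lines should ideally print 0; a plain chroot() on its own will normally still report init as visible.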


