Date: Thu, 22 Feb 2001 19:28:05 -0800
From: Kris Kennaway <kris@obsecurity.org>
To: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Bind problems
Message-ID: <20010222192805.A12575@mollari.cthul.hu>
In-Reply-To: <200102222330.f1MNU7e64567@cwsys.cwsent.com>; from Cy.Schubert@uumail.gov.bc.ca on Thu, Feb 22, 2001 at 03:29:48PM -0800
References: <20010222134703.A7745@mollari.cthul.hu> <200102222330.f1MNU7e64567@cwsys.cwsent.com>

On Thu, Feb 22, 2001 at 03:29:48PM -0800, Cy Schubert - ITSD Open Systems Group wrote:

> > Even running in a chroot or jail only goes so far, because they can
> > still run arbitrary code on the system as that user and use it to
> > e.g. launch DDoS attacks, run an rc5des client, you name it :)
>
> I think you can mitigate or even eliminate that possibility.  First,
> make all files directories in the chrooted environment writable by root
> only, except for named's log directory and the directory it places its
> named.pid file.  Next, union or nullfs mount with the noexec option the
> directories where all of the named logs and pid file are written.
>
> The worst that could happen is that the intruder could fill your disk.

No, they still get the ability to run arbitrary code because they
compromise a running process and take over its execution context. The
attacker just needs to upload the code into the process's memory space,
instead of loading it from disk.

Kris
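
The distinction drawn in the reply above, as an added example that is not part of the original message: noexec is a property of a mounted filesystem, while the executability of a process's memory is decided by mmap/mprotect permissions, which involve no file at all. The probe below goes one step beyond the message and reports whether the host enforces any W^X restriction on anonymous memory; the function and enum names are hypothetical, and it assumes a POSIX system with mmap and mprotect. It only requests and releases mappings and never runs anything from them.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

#ifndef MAP_ANONYMOUS
#define MAP_ANONYMOUS MAP_ANON
#endif

/* Hypothetical names for this example. */
enum wx_policy { WX_NONE, WX_NO_RWX, WX_STRICT };

/* 1 if the kernel grants a file-less page that is writable and executable at once. */
static int probe_rwx(void) {
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE | PROT_EXEC,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return 0;
    munmap(p, len);
    return 1;
}

/* 1 if a page that started out writable may later be switched to executable.
   A failed initial mapping (e.g. out of memory) is also reported as 0. */
static int probe_flip(void) {
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return 0;
    int ok = mprotect(p, len, PROT_READ | PROT_EXEC) == 0;
    munmap(p, len);
    return ok;
}

/* Map the two probe results onto the memory policy they imply. */
static enum wx_policy classify(int rwx_ok, int flip_ok) {
    if (rwx_ok) return WX_NONE;             /* no restriction on anonymous memory */
    return flip_ok ? WX_NO_RWX : WX_STRICT; /* W+X refused; W->X allowed or refused */
}

int main(void) {
    static const char *names[] = {
        "none: noexec mounts do not limit in-memory code",
        "W+X refused, but writable pages can be made executable later",
        "strict: pages that were writable cannot become executable" };
    int rwx = probe_rwx(), flip = probe_flip();
    printf("anonymous RWX mapping: %s\n", rwx ? "allowed" : "refused");
    printf("RW -> RX transition:   %s\n", flip ? "allowed" : "refused");
    printf("memory policy: %s\n", names[classify(rwx, flip)]);
    return 0;
}
```

Run it as the service account inside the chroot or jail that hosts named; the mount options of the surrounding filesystems do not change its result.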