Re: [SLUG] Just how much security does chroot'ing services give you? Real world examples?

From: Andrew M Hoerter (amh@pobox.com)
Date: Tue Jun 24 2003 - 22:43:42 EDT


On Tue, 24 Jun 2003, Backward Thinker wrote:

[I said:]
> > Properly set permissions don't protect against access by root.
> > Most services you would desire to protect by chroot()ing them
> > run as root.

> If your service is running as root, then running in a chroot jail does
> not buy you very much. Root can break out of a chroot jail fairly
> trivially by making a few chroot and chdir calls of its own. That's
> why it's important to make sure your service drops root privileges.

You're absolutely right, of course. I'm not sure what I was thinking
about there, but...

OpenBSD's named runs as named, apache runs under its own username, etc.


