Re: [SLUG] Just how much security does chroot'ing services give you? Real world examples?

From: Brad Smith (brad_stephenssmith@yahoo.com)
Date: Wed Jun 25 2003 - 10:28:01 EDT


Out of curiosity, could you elaborate (or link to docs) on how root can break out of a chroot
jail?

Also, the reason that I had been toying with chrooting sshd is to create a sort of 'airlock'
environment where the only account that could be logged into (since the chrooted daemon would have
its own, severely pruned, copy of /etc/passwd) would be a shell that only has /bin/ssh available
to it. Heck, instead of a shell, it could just be a wrapper program that asks for an ip and sshes
to that ip on the internal network (including the internal interface of the gateway machine for a
real shell). The idea is that then even if sshd is compromised or the password is guessed, the
gateway can't be used as a staging area for further attacks against the internal machines.

I'm curious what people think of this. Too much? Easily circumvented? Redundant (compared to just
chrooting the user)?

--Brad

--- Backward Thinker <backwardthinker@juno.com> wrote:
>
> > Properly set permissions don't protect against access by root.
> > Most services you would desire to protect by chroot()ing them
> > run as root.
>
> If your service is running as root, then running in a chroot jail does
> not buy you very much. Root can break out of a chroot jail fairly
> trivially by making a few chroot and chdir calls of its own. That's
> why it's important to make sure your service drops root privileges.
>
> I suppose you might be able to get away with it as long as you don't
> have any compilers, or low-level interpreted language engines (perl,
> python), and no way for attackers to ftp out or whatever to bring in
> their own binaries, but even still, nature will find a way :). If
> your service is capable of dropping root privileges, it needs to do
> so, because the only thing chrooting a process running as root gets
> you is a little time, and a false sense of security.
>
> ~ Daniel Jarboe

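Daniel's point about dropping root after chroot, shown as a C example added to this archive page (it is not code from either poster): a service enters the jail while still root, then gives up its privileges in the order that works, and verifies that the drop actually stuck. The function names are mine, and the jail directory, uid and gid are assumed to arrive as command-line arguments.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Refuse a jail directory the jailed user could modify: it must be a
 * directory owned by root and not group- or world-writable.  Returns 0 if
 * acceptable, -1 otherwise. */
int jail_sanity(const char *dir)
{
    struct stat st;
    if (stat(dir, &st) != 0 || !S_ISDIR(st.st_mode))
        return -1;
    if (st.st_uid != 0 || (st.st_mode & (S_IWGRP | S_IWOTH)))
        return -1;
    return 0;
}

/* Returns 1 if the process is unprivileged and cannot get root back
 * (a leftover saved uid of 0 would let setuid(0) succeed), else 0. */
int privileges_dropped(void)
{
    if (geteuid() == 0)
        return 0;
    if (setuid(0) == 0)   /* saved uid was still 0: the drop was incomplete */
        return 0;
    return 1;
}

/* chroot() while still root, chdir("/") so the cwd lies inside the new
 * root, clear supplementary groups, then gid before uid (after setuid()
 * the setgid() call would fail).  Returns 0 on success, -1 with errno. */
int enter_jail_and_drop_root(const char *dir, uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0 || jail_sanity(dir) != 0) { errno = EINVAL; return -1; }
    if (chroot(dir) != 0 || chdir("/") != 0) return -1;
    if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0) return -1;
    if (!privileges_dropped()) { errno = EPERM; return -1; }
    return 0;
}

int main(int argc, char **argv)
{
    if (argc != 4) { fprintf(stderr, "usage: %s jaildir uid gid\n", argv[0]); return 2; }
    if (enter_jail_and_drop_root(argv[1], (uid_t)atoi(argv[2]), (gid_t)atoi(argv[3])) != 0) {
        perror("jail");   /* assumed usage: run as root, e.g. ./jail /srv/jail 65534 65534 */
        return 1;
    }
    puts("jailed and unprivileged");
    return 0;
}
```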


This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 17:24:23 EDT