
Re: chroot() break

On 24 May 2001, Artur Grabowski wrote:
> > > It may not be directly applicable to OpenBSD, but it is a general
> > > reference/analysis for chroot operations at
> > > <http://www.bpfh.net/simes/computing/chroot-break.html>.  Take a look
> > > and determine your level of concern.
> > and what's stopping OpenBSD from doing the same thing that FreeBSD does
> > (ie fail if open file descriptor)? Seems straightforward to me.
This was a surprise to me too. Some time ago I did a quick review of the
kernel source related to chroot. OpenBSD has no jail implementation like in
FreeBSD yet. At least implementation of chroot-related security is more secure
than in FreeBSD now. Seems OpenBSD loses its positions at security
scene. ;(

> Why bother? root has many more ways to escape a chroot.
Sure. & it could be a very helpful thing - close 'em all. See below.

> Closing all those possibilities would mean that root would lose all his 
> privileges while in chroot and then it's pointless to be root anyway.
Yes. This will. But in real practice most (think 100%) of the things you do
need under chroot could be done from upper chroot & under chroot most
things that are running (even part of the time) with uid/gid 0 are daemons
serving the network. Thus removing most of root functionality from the root
user under chroot won't hurt most people. Rather it would help in increasing
the security barriers. I am currently investigating the Linux kernel - testing
abilities to do some patch-work on 2.2.19. It's off-topic here, but if
I find how & where to do this - OpenBSD will lose a step
again. ;-)

MISiS Telecommunications
phone:   +7(095)955-0087
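
A user-space sketch of the check discussed in this thread (refuse to chroot while a directory file descriptor is still open), added here as an example; it is not code from any poster or from either kernel. The names count_open_dir_fds and guarded_chroot are hypothetical, and the scan is bounded at 65536 descriptors as an assumption.

```c
#define _DEFAULT_SOURCE          /* exposes chroot() in <unistd.h> on glibc */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: count descriptors of this process that refer to
 * directories. Closed slots make fstat() fail with EBADF and are skipped. */
int count_open_dir_fds(void)
{
    long max = sysconf(_SC_OPEN_MAX);
    int n = 0;

    if (max < 0 || max > 65536)
        max = 65536;             /* assumption: bound the scan */
    for (int fd = 0; fd < (int)max; fd++) {
        struct stat st;
        if (fstat(fd, &st) == 0 && S_ISDIR(st.st_mode))
            n++;
    }
    return n;
}

/* Hypothetical wrapper: fail with EPERM if any directory descriptor is open,
 * otherwise chroot and move the working directory inside the new root. */
int guarded_chroot(const char *path)
{
    if (count_open_dir_fds() > 0) {
        errno = EPERM;
        return -1;
    }
    if (chroot(path) != 0)
        return -1;               /* errno set by chroot(), e.g. not root */
    return chdir("/");
}

int main(void)
{
    printf("directory descriptors open: %d\n", count_open_dir_fds());
    return 0;
}
```

A daemon would call guarded_chroot() before dropping uid/gid 0; a check made inside the process only guards its own start-up path and does not constrain code that later runs as root inside the chroot.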