[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: breaking chroot with ptrace and shared memory-- is it really possible?
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Re: breaking chroot with ptrace and shared memory-- is it really possible?
- From: Chuck Yerkes <chuck+obsd_(_at_)_2003_(_dot_)_snew_(_dot_)_com>
- Date: Fri, 18 Jul 2003 01:26:03 -0400
- Mail-followup-to: Chuck Yerkes <chuck+obsd_(_at_)_2003_(_dot_)_snew_(_dot_)_com>, misc_(_at_)_openbsd_(_dot_)_org
Chroot is handy to keep generally non-malicious bugs from
affecting things around the system. No good security person
will claim that chroot is real protection.
This horse was beaten pretty dead on a couple firewalls lists
in 1995 or so.
Oh, and when I *do* run a service as a user, it's not "nobody".
People kept doing that in a large NFS environment, and I kept
showing that by coming is as root (or indeed many other users),
I could be "nobody" on their system and that "nobody" was way
named runs as, er, "named".
ssh runs as "name^H^H^H^Hssh".
See, not much runs as "nobody". And less and less runs
Quoting James Strandboge (jstrand1_(_at_)_rochester_(_dot_)_rr_(_dot_)_com):
> I was reading this post:
> and was wondering if what the guy was saying has an real merit.
> Apparently it is someone from grsecurity, and I read most of the various
> threads. The poster has quite an attitude, but got me wondering. He
> mentions "on openbsd ... (remember, on i386 it's still only a non-exec
> stack) you can execute code in the shared memory." The post is from
> April-- doesn't ProPolice affect this statement.
> By 'breaking chroot' I don't necessarily mean the chroot system call,
> but rather 'breaking the security of the system when chroot is in
> place'. Even though the guy has a 'holier than thou' attitude, he kept
> talking about how 'trivial' it was to break a chrooted daemon on
> openbsd, or even ssh (later in the thread).
> I checked misc and tech archives, but couldn't find anything.
> The original post that started the above thread dealt with:
> Jamie Strandboge