Posted Dec 10, 2009 8:45 UTC (Thu) by wahern (subscriber, #37304)
Parent article: Removing binary sysctl
Ugh. Now those who use chroot will have even more headaches to deal with.
For instance, my portable arc4random (which uses KERN_RANDOM) will break. Requiring people to seed before the chroot happens, or requiring users to create device files in the chroot tree doesn't help; those things aren't required on other platforms.
One plus is that there'd be less kernel exposure in a chroot without either /proc or sysctl. And certainly in general removing code is good, though /proc has historically been riddled with kernel exploits; far more than sysctl ever produced. Indeed, the mere existence of /proc outside the chroot has its own problems, like exposing file descriptors--pipes, socketpairs--that would otherwise be unaddressable by other processes. Thus one of the strongest security characteristics--using descriptors as ad hoc "capability" tokens--is totally broken. File permissions aren't nearly as strong a security mechanism as the inability to reference the object.
Posted Dec 10, 2009 10:02 UTC (Thu) by michich (subscriber, #17902)
Indeed, the mere existence of /proc outside the chroot has its own problems, like exposing file descriptors--pipes, socketpairs--that would otherwise be unaddressable by other processes.
Would this solve your concern?
mount --bind /proc/sys/kernel/random /some/dir/inside/your/chroot
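As an added example (not code from the thread, and not wahern's arc4random), here is what a seed-gathering routine can do once the binary sysctl(2) KERN_RANDOM path is gone: read /dev/urandom first, and if the chroot has no device nodes, fall back to the random_uuid file that the bind mount above exposes. The paths are parameters because the location of the bind-mounted directory inside the chroot is the caller's choice; the defaults in main() are assumptions for this example. Each read of the uuid file yields a fresh UUID, of which 6 bits are fixed version/variant bits, so it is read repeatedly until enough bytes have been collected.

```c
/* Added example: seed material without sysctl(KERN_RANDOM).
 * Source order: /dev/urandom, then the random_uuid text file that
 * "mount --bind /proc/sys/kernel/random <chroot>/..." makes visible. */
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Read exactly n bytes from path; 0 on success, -1 otherwise. */
static int read_exact(const char *path, unsigned char *buf, size_t n) {
    int fd = open(path, O_RDONLY);
    if (fd < 0) return -1;
    size_t got = 0;
    while (got < n) {
        ssize_t r = read(fd, buf + got, n - got);
        if (r < 0) { if (errno == EINTR) continue; close(fd); return -1; }
        if (r == 0) break;
        got += (size_t)r;
    }
    close(fd);
    return got == n ? 0 : -1;
}

/* Parse "xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx\n" (the format of
 * /proc/sys/kernel/random/uuid) into 16 raw bytes; 0 on success. */
int uuid_text_to_bytes(const char *text, unsigned char out[16]) {
    size_t i = 0;
    int hi = -1;
    for (const char *p = text; *p && *p != '\n'; p++) {
        int v;
        if (*p == '-') continue;
        if (*p >= '0' && *p <= '9') v = *p - '0';
        else if (*p >= 'a' && *p <= 'f') v = *p - 'a' + 10;
        else if (*p >= 'A' && *p <= 'F') v = *p - 'A' + 10;
        else return -1;
        if (hi < 0) { hi = v; continue; }
        if (i >= 16) return -1;
        out[i++] = (unsigned char)((hi << 4) | v);
        hi = -1;
    }
    return (i == 16 && hi < 0) ? 0 : -1;
}

/* Fill buf[0..n) with seed material.  Returns the source used:
 * 1 = urandom_path, 2 = uuid_path (read repeatedly), -1 = nothing usable.
 * Note: every UUID carries 6 fixed version/variant bits, so 16 bytes from
 * uuid_path hold 122 bits of entropy, not 128. */
int gather_seed(unsigned char *buf, size_t n,
                const char *urandom_path, const char *uuid_path) {
    if (read_exact(urandom_path, buf, n) == 0) return 1;
    size_t got = 0;
    while (got < n) {
        char text[64];
        unsigned char u[16];
        int fd = open(uuid_path, O_RDONLY);   /* each open yields a new UUID */
        if (fd < 0) return -1;
        ssize_t r = read(fd, text, sizeof text - 1);
        close(fd);
        if (r <= 0) return -1;
        text[r] = '\0';
        if (uuid_text_to_bytes(text, u) != 0) return -1;
        size_t take = (n - got < 16) ? n - got : 16;
        memcpy(buf + got, u, take);
        got += take;
    }
    return 2;
}

int main(void) {
    unsigned char seed[32];
    /* Assumed paths: the bind mount is placed at the same relative
     * location inside the chroot as on the host. */
    int src = gather_seed(seed, sizeof seed,
                          "/dev/urandom", "/proc/sys/kernel/random/uuid");
    printf("seed source: %d\n", src);
    return src < 0 ? 1 : 0;
}
```

If both paths fail the function returns -1 rather than silently seeding from a constant; a caller should treat that as fatal, since an arc4random keyed from a predictable seed is worse than an error.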
Removing binary sysctl
Posted Dec 10, 2009 15:24 UTC (Thu) by Spudd86 (guest, #51683)
I get the impression that you don't need to have /proc available to the process making the syscall...