Remote root hole in Samba
Posted Apr 11, 2012 15:45 UTC (Wed) by raven667 (subscriber, #5198)
Clearly there is still a significant amount of SMB which needs to be run as root though.
Posted Apr 11, 2012 16:00 UTC (Wed) by Cyberax (✭ supporter ✭, #52523)
Posted Apr 11, 2012 16:15 UTC (Wed) by cmccabe (guest, #60281)
I've never heard anyone say this before. What makes you think that chroot jails are insecure in OpenBSD? Especially when the process being jailed does not run as root.
Posted Apr 11, 2012 16:20 UTC (Wed) by Cyberax (✭ supporter ✭, #52523)
It's just that nobody really cares about OpenBSD enough to search for vulnerabilities there.
Posted Apr 11, 2012 16:49 UTC (Wed) by drag (subscriber, #31333)
You'd have to use systrace in conjunction with chroot in OpenBSD to properly sandbox applications. That way you can restrict what type of syscalls can be used.
Posted Apr 11, 2012 17:17 UTC (Wed) by Cyberax (✭ supporter ✭, #52523)
Posted Apr 14, 2012 20:37 UTC (Sat) by andres (guest, #83358)
systrace is only "vulnerable" to TOCTOU/TOATOU if your policy involves checking pointer arguments.
systrace policies such as ssh's block entire syscalls outright; they don't check arguments. As such, those policies are not vulnerable.
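The distinction drawn in the comment above, as an added example that is not part of the thread and is not systrace code: a small C model in which a policy that blocks a whole syscall never reads user memory, while a policy that checks a pointer argument reads it once for the check and again for the use. The syscall numbers, paths and function names are hypothetical, and the second thread is modelled as a callback so the result is deterministic.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model, not systrace code. user_buf stands for memory owned by
   the sandboxed process, which a sibling thread can rewrite at any time. */
enum { SYS_READ = 3, SYS_OPEN = 5 };        /* hypothetical syscall numbers */
typedef void (*racer_fn)(char *user_buf);   /* runs between check and use */

static int path_allowed(const char *p) { return strncmp(p, "/tmp/", 5) == 0; }

/* Stand-in for the second thread: rewrites the argument after the check. */
void swap_path(char *user_buf) { strcpy(user_buf, "/outside/policy"); }

/* Policy that blocks a whole syscall: the number is passed by value
   (a register), so no user memory is read. Returns 1 to permit. */
int policy_by_number(int nr, char *user_buf, racer_fn racer) {
    int permit = (nr != SYS_OPEN);          /* decision is final here */
    if (racer) racer(user_buf);             /* racing write changes nothing */
    return permit;
}

/* Policy that checks a pointer argument: the monitor reads user_buf, then
   the kernel reads it again. 'used' receives the path the kernel acted on. */
int policy_by_pointer(int nr, char *user_buf, racer_fn racer,
                      char *used, size_t n) {
    if (nr == SYS_OPEN && !path_allowed(user_buf)) return 0; /* time of check */
    if (racer) racer(user_buf);                              /* the window */
    snprintf(used, n, "%s", user_buf);                       /* time of use */
    return 1;
}

/* Returns 1 when a permitted open() ended up using a path the policy
   would have denied, i.e. the check and the use disagreed. */
int pointer_policy_bypassed(racer_fn racer) {
    char buf[64] = "/tmp/report", used[64] = "";
    int permit = policy_by_pointer(SYS_OPEN, buf, racer, used, sizeof used);
    return permit && !path_allowed(used);
}

int main(void) {
    char buf[64] = "/tmp/report";
    printf("number policy permits open under race: %d\n",
           policy_by_number(SYS_OPEN, buf, swap_path));
    printf("pointer policy bypassed, no race: %d\n", pointer_policy_bypassed(NULL));
    printf("pointer policy bypassed, race:    %d\n", pointer_policy_bypassed(swap_path));
    return 0;
}
```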
Posted Apr 11, 2012 23:42 UTC (Wed) by cmccabe (guest, #60281)
Posted Apr 12, 2012 0:03 UTC (Thu) by Cyberax (✭ supporter ✭, #52523)
Posted Apr 15, 2012 17:23 UTC (Sun) by cmccabe (guest, #60281)
I think what may be confusing you is the fact that there have been a lot of privilege escalations in Linux over the years (although not in OpenBSD, which is what we were talking about-- remember?). However, most of those privilege escalations didn't involve insecure system calls. In fact there's only one that I can think of which did (maybe others can think of more).
Posted Apr 15, 2012 20:58 UTC (Sun) by Cyberax (✭ supporter ✭, #52523)
I'm absolutely sure that Linux right now has multiple exploitable local vulnerabilities.
> However, most of those privilege escalations didn't involve insecure system calls. In fact there's only one that I can think of which did (maybe others can think of more).
It's like clockwork! At least one local exploit a year.
Posted Apr 15, 2012 23:48 UTC (Sun) by spender (subscriber, #23067)
Posted Apr 19, 2012 20:46 UTC (Thu) by cmccabe (guest, #60281)
> Programs in OpenBSD chroot have access to all the syscalls.
> Probably at least several of them are vulnerable.
Now we've digressed into looking at a bunch of Linux (NOT OpenBSD) security flaws. How does this help you prove that OpenBSD is insecure?
Secondly, privilege separation, BSD jails, SELinux, ASLR, etc. are still useful technologies even if they don't block 100% of exploits. I think most system administrators would consider being vulnerable to one exploit per year a VERY good record, for any of the major three platforms.
Posted Apr 11, 2012 16:42 UTC (Wed) by drag (subscriber, #31333)
I don't think that using chroot adds any insecurity over just running the process as a user, but it's important to keep in mind that chroot was never intended or designed to be a security mechanism.
Saying that chroot in OpenBSD is insecure is a bit like saying that homemade cardboard gas tanks for cars have inadequate protections against leaks and fires. Sure, both statements are absolutely true, but that is only because they are being used in ways never intended by their original designers.
This is why we have BSDJails, Solaris containers, and LXC to do things properly.