| |||||||||||||
The Savannah Compromise - what really happened?The Savannah Compromise - what really happened?Posted Jan 3, 2004 2:13 UTC (Sat) by iabervon (subscriber, #722)In reply to: The Savannah Compromise - what really happened? by JoeBuck Parent article: The Savannah Compromise - what really happened?
On the other hand, it'd be very difficult to get root in the jail if
(Log in to post comments)
The Savannah Compromise - what really happened? Posted Jan 4, 2004 6:47 UTC (Sun) by Ross (subscriber, #4065) [Link] Yes, exactly. But one must be careful that anything running outside thechroot()ed area treats anything that is writable in the chroot()ed area as untrusted. This means being very careful opening files and validating inputs (it's a lot like handling /tmp correctly... i.e. almost impossible).
The Savannah Compromise - what really happened? Posted Jan 6, 2004 0:46 UTC (Tue) by JoeBuck (subscriber, #2330) [Link] But we are talking about actions taken in response to the Debian and Savannah compromises. Given a kernel bug that allows a cleverly written program to get root, if you can execute a program from within the jail and such a flaw exists, you get a get-out-of-jail-free card. Another such bug was just discovered. So, I repeat: chroot jails are useless if a kernel bug provides a root exploit.
The Savannah Compromise - what really happened? Posted Jan 8, 2004 23:06 UTC (Thu) by Ross (subscriber, #4065) [Link] Oh, yes, I completely agree in that case. But people weren't careful tolimit their arguments to that case. In fact, with a root-exploitable kernel bug any attacker that can run arbitrary code can access the whole system, no matter what user they run the code as or what type of jail the code is put into. In short, having a secure kernel is a requirement for any other security on the system so long as untrusted users have access to run code.
|
|||||||||||||