| |||||||||||||
The Savannah Compromise - what really happened?The Savannah Compromise - what really happened?Posted Jan 6, 2004 0:46 UTC (Tue) by JoeBuck (subscriber, #2330)In reply to: The Savannah Compromise - what really happened? by iabervon Parent article: The Savannah Compromise - what really happened?
But we are talking about actions taken in response to the Debian and Savannah compromises. Given a kernel bug that allows a cleverly written program to get root, if you can execute a program from within the jail and such a flaw exists, you get a get-out-of-jail-free card. Another such bug was just discovered. So, I repeat: chroot jails are useless if a kernel bug provides a root exploit.
(Log in to post comments)
The Savannah Compromise - what really happened? Posted Jan 8, 2004 23:06 UTC (Thu) by Ross (subscriber, #4065) [Link] Oh, yes, I completely agree in that case. But people weren't careful tolimit their arguments to that case. In fact, with a root-exploitable kernel bug any attacker that can run arbitrary code can access the whole system, no matter what user they run the code as or what type of jail the code is put into. In short, having a secure kernel is a requirement for any other security on the system so long as untrusted users have access to run code.
|
|||||||||||||