
Voodoo coding


Posted Jul 14, 2014 7:28 UTC (Mon) by Cyberax (✭ supporter ✭, #52523)
In reply to: Voodoo coding by wahern
Parent article: First Release of LibreSSL Portable Available

Except that chroot is NOT a way to minimize an attack surface. The docs say so. And the root user has tons of ways to escape the chroot on Linux.



Voodoo coding

Posted Jul 14, 2014 14:18 UTC (Mon) by rsidd (subscriber, #2582) [Link]

The OP said "chroot jail", not "chroot" -- presumably meaning something like the FreeBSD version.

Voodoo coding

Posted Jul 14, 2014 18:53 UTC (Mon) by wahern (subscriber, #37304) [Link] (6 responses)

A chroot jail implies dropping privileges. It's not much of a jail if you can walk out.

Voodoo coding

Posted Jul 14, 2014 18:54 UTC (Mon) by Cyberax (✭ supporter ✭, #52523) [Link] (5 responses)

Linux doesn't have chroot jails.

Voodoo coding

Posted Jul 14, 2014 19:16 UTC (Mon) by wahern (subscriber, #37304) [Link] (4 responses)

chdir, chroot, setgid, setuid, etc.

Linux absolutely does support chroot jails. And plenty of software does this, and it's 100% portable to almost all POSIX-compliant or POSIX-aspiring systems. (Notwithstanding the fact that chroot was removed from POSIX.)

Actually, Linux supports chroot jails more than most, as PaX has patches which can prevent even root from breaking out using the normal methods, and there are patches floating around which allow you to keep descriptors to directories outside the chroot jail open by preventing use of fchdir or openat which would allow you to break out.

Voodoo coding

Posted Jul 14, 2014 20:21 UTC (Mon) by PaXTeam (guest, #24616) [Link]

PaX itself doesn't have the hardened chroot feature, grsecurity does.

Voodoo coding

Posted Jul 15, 2014 18:28 UTC (Tue) by drag (guest, #31333) [Link] (2 responses)

root in chroot still has root privileges. Unless you are extremely careful, breaking out of a chroot 'jail' is _VERY_ easy.

If chroot made sense from a security perspective we wouldn't have any need for things like 'LXC containers'.

Voodoo coding

Posted Jul 15, 2014 20:34 UTC (Tue) by wahern (subscriber, #37304) [Link]

If you setgid and setuid to a non-privileged user and don't have any open directory descriptors, how easy is it to get out?

There are issues with signal and ptrace, but those are easily fixed by using a specialized UID and GID per service.

Arguing that root can break out of a chroot jail is a strawman. Nobody runs as root inside a chroot jail.

And if you're really paranoid, neither LXC nor even full-blown virtualization is sufficient, because the Linux kernel (like all software) is riddled with bugs, and last time I checked sophisticated hackers didn't find themselves defeated by the presence of VMware or KVM.

Voodoo coding

Posted Jul 15, 2014 23:39 UTC (Tue) by dlang (guest, #313) [Link]

Well, you would get out of root as quickly as you can after establishing the chroot, and if you properly minimize the things accessible inside the chroot you make it harder to find a local exploit to get back to root.
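
The sequence discussed in this thread (chdir, chroot, setgid, setuid, with no directory descriptors left open), written out as an added example that is not part of any comment above. The helper names `count_dir_fds` and `enter_jail` and the return codes are hypothetical; the jail directory and the unprivileged uid/gid are supplied by the caller.

```c
#define _DEFAULT_SOURCE
#include <fcntl.h>
#include <grp.h>
#include <sys/resource.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical return codes for this example. */
enum { JAIL_OK = 0, JAIL_EDIRFD = -1, JAIL_ECHROOT = -2,
       JAIL_EDROP = -3, JAIL_ESTILLROOT = -4 };

/* Count open descriptors that refer to directories. Each one is a handle
 * that fchdir() or openat() could use to reach outside the new root. */
int count_dir_fds(void)
{
    struct rlimit rl;
    struct stat st;
    int n = 0;

    if (getrlimit(RLIMIT_NOFILE, &rl) != 0)
        return -1;
    long max = rl.rlim_cur > 65536 ? 65536 : (long)rl.rlim_cur;
    for (int fd = 0; fd < max; fd++)
        if (fstat(fd, &st) == 0 && S_ISDIR(st.st_mode))
            n++;
    return n;
}

/* Confine the calling process to `dir` and drop to uid/gid.
 * Must be called as root; refuses to "drop" to root. */
int enter_jail(const char *dir, uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0)
        return JAIL_EDROP;
    if (count_dir_fds() != 0)
        return JAIL_EDIRFD;          /* close these before jailing */
    /* chdir first so the working directory is inside the new root. */
    if (chdir(dir) != 0 || chroot(".") != 0 || chdir("/") != 0)
        return JAIL_ECHROOT;
    /* Groups and gid must go while still root; uid goes last. */
    if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return JAIL_EDROP;
    /* Confirm the drop cannot be undone. */
    if (setuid(0) == 0 || setgid(0) == 0 || getuid() == 0 || geteuid() == 0)
        return JAIL_ESTILLROOT;
    return JAIL_OK;
}
```

A service would call `enter_jail()` once at startup, after opening the files and sockets it needs, and exit on any non-zero result.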


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.