The Savannah Compromise - what really happened?

Posted Jan 2, 2004 5:24 UTC (Fri) by dlang (subscriber, #313)
In reply to: The Savannah Compromise - what really happened? by jonabbey
Parent article: The Savannah Compromise - what really happened?

If you are root inside a chroot jail and the chroot has access to /proc, or anything in the chroot has access to file handles pointing outside the jail, or the system will honor raw access to a device from within that jail, then the attacker has a way out of the jail.

The biggest problem is that even if you don't put any software in the chroot, the attacker can install their own, so they can then issue the mount command (along with the correct device info) to the kernel and the kernel will allow the access because you are root.

Using chroot can't prevent an attacker from getting into a system, but it is one more thing that they need to deal with to really get control of the system (and the more you strip down the chroot sandbox, the more work it takes to break out and the less vulnerable you are to automated attacks).
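The escape preconditions listed in the comment above (device nodes inside the jail, a procfs mounted inside it, descriptors that already point outside, and a writable tree plus setuid helpers that let an attacker drop and run their own tools) can all be checked from the host side before the jail goes into service. The audit script below is an added example, not code from LWN or from either commenter; it assumes a Linux host with /proc mounted, takes the jail directory as its single argument, and only reads the filesystem (it never enters the jail). The `AUDIT_FINDINGS` variable and the `audit_chroot` function name are this example's own.

```shell
#!/bin/sh
# Added example (not from the LWN thread): read-only audit of a chroot
# directory for the escape preconditions discussed above.
# Assumes Linux with /proc; reading other users' /proc/<pid>/fd needs root,
# and unreadable entries are skipped silently.

audit_chroot() {
    jail=${1%/}          # normalise trailing slash so path comparisons work
    AUDIT_FINDINGS=0     # global: number of distinct problem classes found

    # 1. Block/character device nodes: with root inside the jail these
    #    allow raw disk access or mounting the host's filesystems.
    devs=$(find "$jail" -xdev \( -type b -o -type c \) 2>/dev/null || true)
    if [ -n "$devs" ]; then
        echo "DEVICE NODES:"; echo "$devs"
        AUDIT_FINDINGS=$((AUDIT_FINDINGS + 1))
    fi

    # 2. A procfs mounted inside the jail exposes /proc/<pid>/root and
    #    /proc/<pid>/fd of every host process to the jailed root user.
    if awk -v j="$jail/proc" '$2 == j && $3 == "proc" { f = 1 } END { exit !f }' \
           /proc/mounts 2>/dev/null; then
        echo "PROCFS MOUNTED INSIDE JAIL: $jail/proc"
        AUDIT_FINDINGS=$((AUDIT_FINDINGS + 1))
    fi

    # 3. Setuid/setgid binaries give a non-root intruder a path back to
    #    root, which is the precondition for mount(2) and the rest.
    suid=$(find "$jail" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null || true)
    if [ -n "$suid" ]; then
        echo "SETUID/SETGID FILES:"; echo "$suid"
        AUDIT_FINDINGS=$((AUDIT_FINDINGS + 1))
    fi

    # 4. World-writable directories are where an intruder drops their own
    #    tools when the jail itself ships none.
    ww=$(find "$jail" -xdev -type d -perm -0002 2>/dev/null || true)
    if [ -n "$ww" ]; then
        echo "WORLD-WRITABLE DIRECTORIES:"; echo "$ww"
        AUDIT_FINDINGS=$((AUDIT_FINDINGS + 1))
    fi

    # 5. Processes already confined to this jail that still hold an open
    #    descriptor on a path outside it (pipes/sockets are ignored).
    leaks=""
    for p in /proc/[0-9]*; do
        [ "$(readlink "$p/root" 2>/dev/null)" = "$jail" ] || continue
        for fd in "$p"/fd/*; do
            t=$(readlink "$fd" 2>/dev/null) || continue
            case $t in
                "$jail"/*|pipe:*|socket:*|anon_inode:*) ;;
                *) leaks="$leaks
pid ${p#/proc/} fd ${fd##*/} -> $t" ;;
            esac
        done
    done
    if [ -n "$leaks" ]; then
        echo "DESCRIPTORS POINTING OUTSIDE THE JAIL:$leaks"
        AUDIT_FINDINGS=$((AUDIT_FINDINGS + 1))
    fi

    echo "findings: $AUDIT_FINDINGS problem class(es) in $jail"
    return 0
}

# Usage: sh audit_chroot.sh /path/to/jail
[ $# -eq 0 ] || audit_chroot "$1"
```

Each check maps to one of the conditions in the comment; a jail that reports zero findings still relies on the daemon inside it running unprivileged, which this script does not verify.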


The Savannah Compromise - what really happened?

Posted Jan 4, 2004 6:45 UTC (Sun) by Ross (guest, #4065)

You are assuming the chroot() area is writable and that the compromised process is running as root (non-root can not call mount(2)).


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds