The Savannah Compromise - what really happened?

The Savannah Compromise - what really happened?

Posted Jan 3, 2004 2:13 UTC (Sat) by iabervon (subscriber, #722)
In reply to: The Savannah Compromise - what really happened? by JoeBuck
Parent article: The Savannah Compromise - what really happened?

On the other hand, it'd be very difficult to get root in the jail if
there's nothing setuid root or running as root in the jail. Anything
kernel-level that will give you root in this situation would probably let
you do arbitrary other things anyway, and anything userspace can't give
you root. Tasks requiring root access can be done from outside the jail,
so in-jail root doesn't actually need to be possible at all, which makes
security auditing much simpler, because you can be sure that permissions
will be followed by everything in the jail.


The Savannah Compromise - what really happened?

Posted Jan 4, 2004 6:47 UTC (Sun) by Ross (guest, #4065) [Link]

Yes, exactly. But one must be careful that anything running outside the
chroot()ed area treats anything that is writable in the chroot()ed area as
untrusted. This means being very careful opening files and validating
inputs (it's a lot like handling /tmp correctly... i.e. almost impossible).
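
The care described above for a process outside the jail reading a file that a jailed user can write, as an added example that is not part of the original comments. The helper name `read_from_jail`, the size cap, and the directory layout in `demo` are assumptions constructed for illustration.

```python
import os
import stat
import tempfile


def read_from_jail(jail_root, relpath, max_bytes=1 << 20):
    """Hypothetical helper: read a regular file under jail_root, no symlinks."""
    parts = relpath.split("/")
    if any(p in ("", ".", "..") for p in parts):
        raise ValueError("unsafe path: %r" % relpath)
    nofollow = os.O_RDONLY | os.O_NOFOLLOW | os.O_CLOEXEC
    dirfd = os.open(jail_root, os.O_RDONLY | os.O_DIRECTORY | os.O_CLOEXEC)
    try:
        # One component at a time: a planted symlink fails the open, never redirects.
        for name in parts[:-1]:
            nxt = os.open(name, nofollow | os.O_DIRECTORY, dir_fd=dirfd)
            os.close(dirfd)
            dirfd = nxt
        # O_NONBLOCK so a FIFO planted in the jail cannot hang this process.
        fd = os.open(parts[-1], nofollow | os.O_NONBLOCK, dir_fd=dirfd)
    finally:
        os.close(dirfd)
    with os.fdopen(fd, "rb") as f:
        # fstat the descriptor we hold, not the name, so there is no race.
        if not stat.S_ISREG(os.fstat(f.fileno()).st_mode):
            raise ValueError("not a regular file")
        data = f.read(max_bytes + 1)
    if len(data) > max_bytes:
        raise ValueError("file larger than %d bytes" % max_bytes)
    return data


def demo():
    """Constructed layout: one honest file plus symlinks aimed outside."""
    with tempfile.TemporaryDirectory() as top:
        jail = os.path.join(top, "jail")
        os.makedirs(os.path.join(jail, "spool"))
        for path, text in ((top + "/secret", "outside"), (jail + "/spool/job", "request")):
            with open(path, "w") as f:
                f.write(text)
        os.symlink("../../secret", jail + "/spool/evil")
        os.symlink("..", jail + "/up")
        results = {"spool/job": read_from_jail(jail, "spool/job")}
        for bad in ("spool/evil", "up/secret", "../secret"):
            try:
                results[bad] = read_from_jail(jail, bad)
            except (OSError, ValueError):
                results[bad] = "refused"
        return results
```

The bytes returned are still untrusted input and need their own validation before the outside process acts on them.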

The Savannah Compromise - what really happened?

Posted Jan 6, 2004 0:46 UTC (Tue) by JoeBuck (guest, #2330) [Link]

But we are talking about actions taken in response to the Debian and Savannah compromises. Given a kernel bug that allows a cleverly written program to get root, if you can execute a program from within the jail and such a flaw exists, you get a get-out-of-jail-free card. Another such bug was just discovered.

So, I repeat: chroot jails are useless if a kernel bug provides a root exploit.

The Savannah Compromise - what really happened?

Posted Jan 8, 2004 23:06 UTC (Thu) by Ross (guest, #4065) [Link]

Oh, yes, I completely agree in that case. But people weren't careful to
limit their arguments to that case. In fact, with a root-exploitable
kernel bug any attacker that can run arbitrary code can access the whole
system, no matter what user they run the code as or what type of jail the
code is put into. In short, having a secure kernel is a requirement for
any other security on the system so long as untrusted users have access to
run code.


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds