>Last but not least, I am very interested in Kris Kennaway's claim that "It may
>also be possible to break out of the chroot jail on some platforms." If

It is possible, especially if you have /proc mounted. It is made even more likely if you have processes inside and outside of the chroot environment running under the same uid.

Note that if /proc is mounted it is very difficult, nay impossible in many systems, to contain the root user inside a chroot environment.

Other possible escape routes are likely if you are using lofs (loopback mounts) to bring in outside data into the chroot, for example running imapd in a chroot and the lofs mounting /var/mail into the chroot. Be very careful about what you bring into the chroot environment.

chroot is NOT a security feature; it never was intended as one. However, many people use it as one as it helps to limit the impact of a service being exploited, but do NOT ever rely on not being able to break out of the chroot.

My general feeling is that if you wouldn't be happy running the service outside of a chroot environment then you shouldn't run it at all. I'm not saying don't use chroot; what I'm saying is don't use it as an excuse to not fix security bugs.

--
Darren J Moffat
Re: response to the bugtraq report of buffer overruns in imapd LIST command
Darren Moffat - Solaris Sustaining Engineering Wed, 19 Apr 2000 00:41:38 -0700
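
The conditions named in the message above (/proc or lofs mounts inside the chroot, and a uid shared by processes inside and outside it) can be checked mechanically. The following is an added example, not part of the original post: the jail path `/jail/imap`, the sample data, and the tab-separated `/etc/mnttab` field layout it parses are assumptions made for illustration.

```python
# Constructed sample input, assumed to follow the Solaris /etc/mnttab layout:
# special <TAB> mount_point <TAB> fstype <TAB> options <TAB> time
SAMPLE_MNTTAB = (
    "/dev/dsk/c0t0d0s0\t/\tufs\trw,suid\t956130000\n"
    "/proc\t/proc\tproc\trw\t956130000\n"
    "/proc\t/jail/imap/proc\tproc\trw\t956130100\n"
    "/var/mail\t/jail/imap/var/mail\tlofs\trw\t956130200\n"
    "/dev/dsk/c0t0d0s5\t/jail/imapd-data\tufs\trw\t956130300\n"
)

# Constructed process table: (pid, uid, root directory the process runs under)
SAMPLE_PROCS = [(101, 0, "/"), (212, 60001, "/jail/imap"),
                (340, 60001, "/"), (355, 25, "/")]

# Filesystem types the message singles out as weakening a chroot
RISKY_FSTYPES = {"proc", "lofs"}


def under(path, root):
    """True if path is root itself or lies below it (component-wise match)."""
    root = root.rstrip("/")
    return path == root or path.startswith(root + "/")


def risky_mounts(mnttab_text, jail):
    """Return (mount_point, fstype, special) for proc/lofs mounts in the jail."""
    findings = []
    for line in mnttab_text.splitlines():
        fields = line.split("\t")
        if len(fields) < 3:
            continue  # skip malformed or empty lines
        special, mount_point, fstype = fields[:3]
        if fstype in RISKY_FSTYPES and under(mount_point, jail):
            findings.append((mount_point, fstype, special))
    return findings


def shared_uids(procs, jail):
    """Return uids that own processes both inside and outside the jail."""
    inside = {uid for _, uid, root in procs if under(root, jail)}
    outside = {uid for _, uid, root in procs if not under(root, jail)}
    return sorted(inside & outside)


if __name__ == "__main__":
    for finding in risky_mounts(SAMPLE_MNTTAB, "/jail/imap"):
        print("risky mount:", finding)
    print("uids on both sides:", shared_uids(SAMPLE_PROCS, "/jail/imap"))
```

The path comparison is done per component, so a sibling directory such as `/jail/imapd-data` is not mistaken for part of `/jail/imap`.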