Previously on this list Marko Randjelovic contributed:

> Well, we have the word "hardening" in the subject, I'm not sure
> what OP meant, probably he meant more "security" than "hardening",
> but grsecurity which is mentioned in wiki[1] contains features to
> prevent breaking out of chroot, so combined with grsecurity chroot
> might be called a security feature?

Fair enough, but almost all of those escape mitigations combat an
attacker with ROOT privileges, and you shouldn't have been running the
daemon as root in the first place; what is not in the chroot makes
raising privileges to root much more difficult. Chroot *IS* a security
feature, as extensively used by dovecot (including priv sep) and coded
into sshd, unbound, apache and nginx. People *HAVE* watched
attackers get frustrated and leave.

The first thing an attacker usually tries with an exploit is to
load /bin/sh; then they may try to get data into the filesystem, but
find the filesystem is noexec and likely not writable by the process
owner. Then all of a sudden, especially with ASLR and a non-exec stack,
things have gotten much more difficult and the chances of causing
noticeable crashes increase.

At this point, if they haven't left already, two things are likely
to happen. If it is non-targeted, as the kernel.org attack was, they leave
and find one of the many other systems to attack.

If it is a buy-and-shoot attack, it has failed to execute the buyer's
shellcode or program and you're just one more system that isn't on their
botlist.

Otherwise they have a more difficult task of exploring the process
space and attacking the kernel or hoping the chroot is not owned by
root or the cd was not invoked.

Chroot also helps to prevent MAC bypass on systems where grsec priv I/O
is not disabled.

The whole point is that security is layers, and in my opinion MAC should be
the final layer, but many distros (more so Fedora than Debian) use it
whilst ignoring their lax DAC permissions.

I thought this would be a no-brainer default, at least for some packages.
I guess I was wrong?

-- 
_______________________________________________________________________

'Write programs that do one thing and do it well. Write programs to work
together. Write programs to handle text streams, because that is a
universal interface'

(Doug McIlroy)

In Other Words - Don't design like polkit or systemd
_______________________________________________________________________

I have no idea why RTFM is used so aggressively on LINUX mailing lists
because whilst 'apropos' is traditionally the most powerful command on
Unix-like systems its 'modern' replacement 'apropos' on Linux is a tool
to help psychopaths learn to control their anger.

(Kevin Chadwick)

_______________________________________________________________________


Archive: https://lists.debian.org/450827.54193...@smtp120.mail.ir2.yahoo.com
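The chroot-and-drop-privileges sequence the message above argues for (jail directory owned by root and not writable by the daemon's uid, chdir before and after chroot so the "cd was not invoked" mistake cannot happen, and privileges dropped for good so the escape tricks that need root are off the table), as an added example; this is not code from the original post nor from dovecot, sshd, unbound, apache or nginx. The function names, the jail path and the target uid/gid are assumptions. The directory check runs unprivileged, but enter_jail() itself needs CAP_SYS_CHROOT (root) to succeed.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* A jail the daemon's own uid could modify is not a jail: it must be a
 * directory, owned by root, and neither group- nor world-writable.
 * Returns 1 if the attributes are acceptable, 0 otherwise. */
int jail_attrs_are_safe(mode_t mode, uid_t owner)
{
    if (!S_ISDIR(mode))
        return 0;
    if (owner != 0)
        return 0;
    if (mode & (S_IWGRP | S_IWOTH))
        return 0;
    return 1;
}

/* lstat() rather than stat(): a symlink as jail root is refused outright. */
int jail_dir_is_safe(const char *dir)
{
    struct stat st;
    if (lstat(dir, &st) != 0)
        return 0;
    return jail_attrs_are_safe(st.st_mode, st.st_uid);
}

/* Enter the jail and permanently drop to uid/gid.
 * Returns 0 on success, -1 on any failure (caller must exit on -1). */
int enter_jail(const char *dir, uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0)          /* staying root defeats the point */
        return -1;
    if (!jail_dir_is_safe(dir))
        return -1;
    if (chdir(dir) != 0)               /* cwd inside the jail before chroot */
        return -1;
    if (chroot(dir) != 0)              /* needs CAP_SYS_CHROOT */
        return -1;
    if (chdir("/") != 0)               /* and again, relative to the new root */
        return -1;
    if (setgroups(0, NULL) != 0)       /* supplementary groups, while still root */
        return -1;
    if (setresgid(gid, gid, gid) != 0) /* gid first: changing it needs root */
        return -1;
    if (setresuid(uid, uid, uid) != 0) /* real, effective and saved: no way back */
        return -1;
    /* Verify the drop: if root can be regained, treat it as a failure. */
    if (setuid(0) == 0 || getuid() != uid || geteuid() != uid)
        return -1;
    return 0;
}

int main(int argc, char **argv)
{
    if (argc != 4) {
        fprintf(stderr, "usage: %s <jail-dir> <uid> <gid>\n", argv[0]);
        return 2;
    }
    uid_t uid = (uid_t)strtoul(argv[2], NULL, 10);
    gid_t gid = (gid_t)strtoul(argv[3], NULL, 10);
    if (enter_jail(argv[1], uid, gid) != 0) {
        fprintf(stderr, "enter_jail failed: %s\n", strerror(errno));
        return 1;
    }
    char cwd[256];
    printf("jailed: uid=%u gid=%u cwd=%s\n", (unsigned)getuid(),
           (unsigned)getgid(), getcwd(cwd, sizeof cwd) ? cwd : "?");
    /* Whatever the jail lacks (a /bin/sh, a writable directory) is now
     * out of reach of the process; report whether a shell is present. */
    return access("/bin/sh", X_OK) == 0 ? 1 : 0;
}
```

Run as root, e.g. `./jail /var/lib/mydaemon/jail 65534 65534`, against a jail directory created with `mkdir -m 0755` and owned by root; mounting that tree with `noexec,nosuid,nodev` is the separate layer the message refers to, and neither the mount option nor the ownership check replaces the other.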
