chroot does nothing to hide uid 0. It makes a subdirectory appear as /, so you can
give somebody access to /publicdirectory, and to them it's /... they can't cd out of
that heirarchy to the rest of your filesystem. No hack can give them the plain text
of /etc/shadow (or /etc/security/passwd, or whatever), they can't execute a carelessly
unguarded suid program, they can't drop an insecure command into root's crontab,
whatever.
Tim Conway
[EMAIL PROTECTED]
303.682.4917
Philips Semiconductor - Colorado TC
1880 Industrial Circle
Suite D
Longmont, CO 80501
[EMAIL PROTECTED]@[EMAIL PROTECTED] on 04/07/2001 06:57:14 AM
Sent by: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]@SMTP
cc: [EMAIL PROTECTED]@SMTP
Subject: Re: Rsync: Re: password prompts
Classification:
Lachlan,
Thanks for the response! I haven't tried it yet, but does ssh with a
passphrase address your concern? If somebody steals your private key
can it be used without the passphrase?
Thanks,
Randy Kramer
PS: Thanks for the discussion. From what you've said and other things
I've heard before, my impression of chrooting is that you somehow create
an "artificial" root account / environment with limited privileges, and
somebody that uses this artificial account cannot get to the real root
account? Is this close?
Lachlan Cranswick wrote:
> While chroot'ing may be considered flawed: given 99% of present
> hacking seems to be by the unskilled running auto-scripts -
> (looking for suckers who have unpatched systems or setup flaws):
> anything that frustrates these scripts, minimizes un-needed services
> and/or provides "non-standard" (rsync?) chrooted environments which
> requiring custom/non-automated skills to overcome are going to be
> effective to a large degree.
>
> (also using a deception toolkit on all exposed and unexposed
> servers and UNIX clients (minimicking services) can also make
> things more interesting: e.g., http://www.all.net/dtk )
> E.g., For running a remotely mirrored UNIX webserver - nothing more is
> needed than webserver(apache) and rsync. And, if given remote admin
> rights, a very tight custom OpenSSH install(?)
>
> Passwordless secureshell accounts for tunnelling rsync through
> is potentially one degree of freedom too many(!?)
