2007-09-26 11:35:08

by Miloslav Semler

[permalink] [raw]
Subject: Re: Chroot bug

Alan Cox napsal(a):
>> but many program use this as security feature. So do you think that bind
>> may use vserver?
>>
>
> It would be a lot stronger if it did. A bind running non-root will be
> probably safe. A bind running as root can be attacked and break out of a
> chroot trivially. I guess it depends how you run bind.
>
but not bind with selinux. It can chroot, but not does other things. So
there is an question: Why we do not fix it. Tell me please some other
reason than "you can workaround chroot other ways".


2007-09-26 14:03:54

by Alan

[permalink] [raw]
Subject: Re: Chroot bug

On Wed, 26 Sep 2007 13:34:53 +0200
Miloslav Semler <[email protected]> wrote:

> Alan Cox napsal(a):
> >> but many program use this as security feature. So do you think that bind
> >> may use vserver?
> >>
> >
> > It would be a lot stronger if it did. A bind running non-root will be
> > probably safe. A bind running as root can be attacked and break out of a
> > chroot trivially. I guess it depends how you run bind.
> >
> but not bind with selinux. It can chroot, but not does other things. So
> there is an question: Why we do not fix it. Tell me please some other
> reason than "you can workaround chroot other ways".

If you are using SELinux you don't need chroot for the security in the
first place you can use labels and LSM modules can also handle things
like ptrace which permit trivial escapes.

Alan