*BSD News Article 9401


Return to BSD News archive

Received: by minnie.vk1xwt.ampr.org with NNTP
	id AA5713 ; Fri, 01 Jan 93 01:53:28 EST
Xref: sserve comp.unix.bsd:9458 comp.unix.wizards:28099 alt.security:7247
Newsgroups: comp.unix.bsd,comp.unix.wizards,alt.security
Path: sserve!manuel.anu.edu.au!munnari.oz.au!uunet!paladin.american.edu!howland.reston.ans.net!zaphod.mps.ohio-state.edu!cs.utexas.edu!convex!convex!tchrist
From: Tom Christiansen <tchrist@convex.COM>
Subject: Re: WEIRD IDEA? (chroot) Some corrections.
Originator: tchrist@pixel.convex.com
Sender: usenet@news.eng.convex.com (news access account)
Message-ID: <1992Dec29.203231.21943@news.eng.convex.com>
Date: Tue, 29 Dec 1992 20:32:31 GMT
Reply-To: tchrist@convex.COM (Tom Christiansen)
References: <1992Dec26.191816.26596@prime.mdata.fi> <1992Dec28.214412.29732@prime.mdata.fi>
Nntp-Posting-Host: pixel.convex.com
Organization: Convex Computer Corporation, Colorado Springs, CO
Keywords: chroot, shadow login, pirates BBS
X-Disclaimer: This message was written by a user at CONVEX Computer
              Corp. The opinions expressed are those of the user and
              not necessarily those of CONVEX.
Lines: 15

Chroot may not be so wondrous as you may think.

If your interloper should manage to crack root inside of the chroot box,
you can still be in for big problems.  A kmem or a disk device inode
inside the box is as valid as one outside, allowing someone to peek 
anywhere in the kernel or disk or even poke himself out of the box!
Remember also that privileged sockets have no concept of chroot, so
anyone could be impersonated going over the net.

--tom
-- 
    Tom Christiansen      tchrist@convex.com      convex!tchrist


    "We don't care.  We don't have to.  We're the Phone Company."