Subject: Re: i386 IO access and chroot()
To: None <firstname.lastname@example.org>
From: Michael Richardson <email@example.com>
Date: 07/14/2001 22:17:00
>>>>> "Greg" == Greg A Woods <firstname.lastname@example.org> writes:
Greg> However I don't think mknod(2) is disabled at securelevel>=2 yet,
Greg> and it probably should be, though you can work around that by
Greg> putting the chroot jail on a filesystem mounted with 'nodev' (and
Greg> maybe 'nosuid' too!).
While this works for specific cases, it fails for general chroot-jails.
(e.g. where you want to let a user login and run /bin/sh...)
You need /dev/null and a bunch of other stuff.
In one situation I was involved in, we had a chroot() area for each
user. It cost some disk space, but that is too cheap to worry about now.
A hacked sshd called chroot() to their homedir, and set $HOME to /work.
Mounting some kind of devfs onto /dev that only did /dev/null, etc.
didn't seem a very scalable idea. I'd like "nodev1" and "nodev2" or some
such, or a way to do the equivalent of "nodev" in the chroot() call..
Greg> If there are any more buffer-overflow style vulnerabilities in the
Greg> kernel then that's another potential avenue of escape.....
Greg> I don't know if anyone's explored the possibilities of (ab)using
Greg> networking services from within the chroot jail yet either....
I also want to disable networking when I make my jail :-)
] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[
] email@example.com http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy"); [