Subject: Re: Escaping a chroot jail
To: None <email@example.com>
From: Steven M. Bellovin <firstname.lastname@example.org>
Date: 07/14/2005 10:46:31
In message <20050714143330.GD9104@localhost>, Bernd Sieker writes:
>On 14.07.05, 10:01:41, Michael Richardson wrote:
>> a) you can build it in. I used to do that regularly.
>> (I tried for awhile to get it accepted as a standard device...
>> I take it that this never happened)
>> b) you can load the module before securelevel->1.
>Actually, you _must_ load it before. lkm loading is only possible
>in securelevel 0. So you're not effectively running a system with
>lkm support enabled (see lkm(4).)
Sure, I understand that. On secure machines, I'm still happier with
the facility non-existent rather than controlled by a mode bit.
Why? For fun, I ran rcorder on my machine. rc.d/securelevel is number
62 in the list. Among the things that preceed it are dhclient, racoon,
named, ntpdate, rpcbind, ypserv, cleartmp, nfsd, and nfslocking. Do
you trust all of them? I don't. (And to bring things back to the
context of this discussion, named is one of the programs that normally
runs chrooted, for good and sufficient reason.)
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb