tech-security archive


Re: security implications: ptyfs + mount_null + chroot



On Fri, Mar 30, 2012 at 12:16 AM, Dave B <spam%y2012.dberg.net@localhost> wrote:
> ** The short version:
>
>  In addition, how iron-clad is chroot now considered to be anyway?

If the question is how secure chroot is, I'd say it is not secure by design.
"chroot is not and never has been a security tool"(C)
Being root inside a chroot you can easily escape the jail
by thousands of means. On the other hand, NetBSD is AFAIK the only OS
where the fchdir(2) and ptrace(2) syscalls have been hardened for about a decade.
So, unprivileged processes inside a chroot can be considered more or
less isolated,
but kill(2)...

Some time ago I wrote a kernel module for making chroot(2) a security tool.
For now it exists as a patch. I've been using it for months for isolating
network services and pkgsrc bulk builds (+wip) and it works just fine.

http://mail-index.netbsd.org/tech-kern/2011/07/09/msg010903.html

A polished man page is available here (at the end of the message):
http://mail-index.netbsd.org/tech-kern/2011/07/10/msg010913.html

The original patch from this thread doesn't work because of recent changes
in kauth(9).
If you need the updated patch, let me know.
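The message above makes two points a service author can act on: a process that stays root inside a chroot can get out, while an unprivileged one is "more or less isolated", and the classic escape vector is a working directory left outside the new root. The following is an added example, not code from the poster or from NetBSD, showing the conventional order of operations for entering a chroot and dropping to an unprivileged uid/gid, plus a post-condition check that root cannot be regained. The uid/gid 65534 in main() is a constructed placeholder for the service account; the directory comes from the command line.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Enter `dir` as the new root and drop to uid/gid.  Returns 0 on success,
 * -1 with errno set on failure.  The order matters: chroot(2) needs root,
 * so it comes first; chdir("/") moves the cwd inside the new root (a cwd
 * left outside is the fchdir(2) escape the mail refers to); supplementary
 * groups, gid and uid are dropped last, with setgroups before setgid so
 * the later calls are still privileged enough to succeed. */
int enter_chroot_as(const char *dir, uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0) {      /* staying root defeats the point */
        errno = EINVAL;
        return -1;
    }
    if (chroot(dir) == -1)
        return -1;
    if (chdir("/") == -1)
        return -1;
    if (setgroups(0, NULL) == -1)    /* no inherited group memberships */
        return -1;
    if (setgid(gid) == -1)
        return -1;
    if (setuid(uid) == -1)           /* sets real, effective and saved uid */
        return -1;
    return 0;
}

/* Post-condition a service should verify before it starts serving: every
 * id is non-zero and an attempt to become root again fails.
 * Returns 1 when fully unprivileged, 0 otherwise. */
int privileges_dropped(void)
{
    if (getuid() == 0 || geteuid() == 0 || getgid() == 0 || getegid() == 0)
        return 0;
    if (setuid(0) != -1)             /* must fail with EPERM */
        return 0;
    return 1;
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s <chroot-dir>\n", argv[0]);
        return 2;
    }
    /* 65534 is a constructed placeholder for the service's uid/gid. */
    if (enter_chroot_as(argv[1], 65534, 65534) == -1) {
        perror("enter_chroot_as");
        return 1;
    }
    if (!privileges_dropped()) {
        fprintf(stderr, "refusing to run: still privileged\n");
        return 1;
    }
    puts("running unprivileged inside the chroot");
    return 0;
}
```

The program is meant to be started as root (chroot(2) requires it) and refuses to continue unless the drop succeeded and root cannot be regained; when started unprivileged it fails at chroot(2) with EPERM rather than silently running outside the jail.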

