tech-security: Re: i386 IO access and chroot()

Subject: Re: i386 IO access and chroot()
To: NetBSD Security Technical Discussion List <tech-security@NetBSD.ORG>
From: gabriel rosenkoetter <gr@eclipsed.net>
List: tech-security
Date: 07/17/2001 10:36:56

On Fri, Jul 13, 2001 at 06:50:11PM -0400, Greg A. Woods wrote:
> I don't know if anyone's explored the possibilities of (ab)using
> networking services from within the chroot jail yet either....

Hrm.

That'd strike me as a bug in the network service in question more
than in our chroot(). Unless you're suggesting that chroot()ed
processes should not be allowed to use lo0 or connect to any local
device's registered IP addresses (this gets really fun with
multi-homed hosts).

While we're at it, shall chroot() disallow compromised services
running within a jail from attacking other hosts? Seems within the
same scope to me. (That is, I just don't think it's doable.)

-- 
       ~ g r @ eclipsed.net