httpd-dev mailing list archives

From r..@ai.mit.edu (Robert S. Thau)
Subject Re: setuid control WITHOUT running as root
Date Sun, 02 Jun 1996 21:38:21 GMT
> BTW, I've almost decided that chroot() doesn't help with security (because a
> Bad Guy can still make something setuid to the attacked uid which can then be
> exploited by another route).

Ummm... that's not the point.  Yes, once a suid-root binary exists, even
in the chrooted environment, you're hosed.  However, the user had to exploit
security holes in some program in order to bring it into existence.  If 
chroot locks some of the likely tools out of reach, that means the attacks
that require them just won't work.

(For instance, one popular style of attack is the trojan-horse binary.  If
the directory you'd have to plant it in is just not part of your view of the
file system, however, then you don't have access regardless of what the
permission bits are or who owns it --- and that *particular* possibility is
closed off).

rst
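
The two conditions discussed in this message can be checked on an existing jail. The following is an added example, not part of the original message or of Apache: it walks a chroot tree and reports setuid/setgid files already inside it, plus directories where the jailed uid could plant a file. The names `classify` and `audit_jail` and the `jailed_uid` parameter are assumptions made for illustration.

```python
import os
import stat


def classify(mode, owner_uid, jailed_uid):
    """Return the findings for one lstat() result taken inside the jail."""
    findings = []
    # A set-id regular file inside the jail is the "you're hosed" case.
    if stat.S_ISREG(mode) and mode & (stat.S_ISUID | stat.S_ISGID):
        findings.append("setid-binary")
    # A directory the jailed uid can write to is a place to plant a binary.
    # Simplification (assumption): group write access is not evaluated.
    if stat.S_ISDIR(mode):
        owned = owner_uid == jailed_uid and mode & stat.S_IWUSR
        if mode & stat.S_IWOTH or owned:
            findings.append("writable-dir")
    return findings


def audit_jail(root, jailed_uid):
    """Walk a chroot tree; return sorted (relative path, finding) pairs."""
    results = []
    paths = [root]
    # os.walk does not follow symlinks, and lstat() reports the link itself,
    # so a symlink pointing outside the tree is never classified as a target.
    for dirpath, dirnames, filenames in os.walk(root):
        paths.extend(os.path.join(dirpath, n) for n in dirnames + filenames)
    for full in paths:
        st = os.lstat(full)
        for finding in classify(st.st_mode, st.st_uid, jailed_uid):
            results.append((os.path.relpath(full, root), finding))
    return sorted(results)


if __name__ == "__main__":
    import sys
    # usage: audit.py <jail root> <numeric uid of the jailed process>
    for path, finding in audit_jail(sys.argv[1], int(sys.argv[2])):
        print(finding, path)
```

An empty result means no set-id file exists in the tree and the given uid has no owner-writable or world-writable directory in it.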
