httpd-dev mailing list archives

From Ben Laurie <...@gonzo.ben.algroup.co.uk>
Subject Re: setuid control WITHOUT running as root
Date Sun, 02 Jun 1996 22:10:57 GMT
Robert S. Thau wrote:
> 
>  BTW, I've almost decided that chroot() doesn't help with security (because a
>  Bad Guy can still make something setuid to the attacked uid which can then be
>  exploited by another route).
> 
> Ummm... that's not the point.  Yes, once a suid-root binary exists, even
> in the chrooted environment, you're hosed.  However, the user had to exploit
> security holes in some program in order to bring it into existence.  If 
> chroot locks some of the likely tools out of reach, that means the attacks
> that require them just won't work.
> 
> (For instance, one popular style of attack is the trojan-horse binary.  If
> the directory you'd have to plant it in is just not part of your view of the
> file system, however, then you don't have access regardless of what the
> permission bits are or who owns it --- and that *particular* possibility is
> closed off).

Agreed. I just see so many holes in the chrooted environment that it is hard to
distinguish it from the non-chrooted (thinking aleph-0 again). However,
sticking to the finite, your point is correct. So, Randy, gonna put chroot in?

Cheers,

Ben.

> 
> rst

-- 
Ben Laurie                  Phone: +44 (181) 994 6435
Freelance Consultant and    Fax:   +44 (181) 994 6472
Technical Director          Email: ben@algroup.co.uk
A.L. Digital Ltd,           URL: http://www.algroup.co.uk
London, England.
