Also HI! Is there a "good" doc about creating a chroot jail? I prefer UNIX independent documentation because I work with different UNIX platforms. Mostly SUN by the way. Thanks, Dave
Boris Lorenz
6-12-00 12:47:42 >>> Hi,
if a compiler and certain programs are missing in a chroot jail it can be
considered reasonably safe. A possible way for an attacker to break out of such
a jail is to abuse setuid programs such as (older) versions of perl (which is
likely to exist on a webserver for cgi-scripts), or to exploit known
vulnerabilities of other binaries which reside in the chroot'ed area.
There are numerous exploits for other chroot'ed environments for services such
as ftp (see http://www.securityfocus.com/archive/1/12962) but I doubt wether
these can be adjusted to your situation. Anyway, take a close look on what you
put in the chroot area.
There's some paper discussing ways of escaping the chroot jail under
http://www.bpfh.net/simes/computing/chroot-break.html which is quite
informative.
Boris
Hi.
I've just a short question: Does anybody know how secure it is to chroot users in a small piece of my server tree?
We want users to login via ssh and work on a webserver (test scripts etc.). They shouldn't see each other even they shouldn't know if they are on a real server or in a virtual space that seems and behave in most cases like a server. To point it out: Is there a possibility to break up the chrooted environment or is it safe to let them login ?
Thanks in advance
* * Ihr Formel4-Team * mailto:info@formel4.de [...]
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com