Mailinglist Archive: opensuse-security (520 mails)

< Previous Next >
Re: [suse-security] chroot
  • From: "Kurt Seifried" <listuser@xxxxxxxxxxxx>
  • Date: Wed, 6 Dec 2000 16:05:17 -0700
  • Message-id: <002b01c05fd9$00182c20$ca00030a@xxxxxxxxxxxx>
There have been root hacks in crontab before. There likely will be some in
the future too.



First of all: Thank you for your answers to my question relating the
security of a chrooted environment.

I just called the provider of the system working with the descripted
chroot jail. He told me that inside the jail theres only one program
with suid root bit set, namely crontab. No UID/GID is changed during
"chrooting" and all programs inside the jail are unchanged copies. So
every process executed from inside the jail runs chrooted too with
its normal rights.

Based on these statements, he estimates his system secure. My
knowledge of hacking is quite small so i can't decide if he's wrong.
There is another solution of locking a user in a private environment
by starting some tasks delusioning a complete hardware environment
with own IP and running a second complete Linux inside this
environment (seem to be very complex, but works pretty nice). IMHO
the safer solution. If a hacker tries to break up these tasks he cuts
his own (virtual) kernel and (for my personal view) will be cut off
from the connection immediately.

Am I wrong?

* Ralf 'coko' Koch
* mailto:info@xxxxxxxxxx
Computers are like air conditioners: They stop working properly if
you open windows.

To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
For additional commands, e-mail: suse-security-help@xxxxxxxx

< Previous Next >
Follow Ups