using chroot option for ntpd
Zach
uid000 at gmail.com
Fri Jul 22 20:13:26 CDT 2005
The trick to making a chroot work is not providing any programs inside
the chroot that can be used to escape it, and not providing a way to
copy utilities to the system (which is the hard part). For example if
the chroot contains mknod and the mount command (and dependencies)
the attacker (after gaining access) would attempt to mount /dev/hda1
to a mount point inside the chroot, at which point the attacker has
effectively "escaped" the chroot. Services that run as root should
especially be chrooted if not run under targetted SELinux policy.
(SELinux haters please don't flame--I'm not a big fan either!)
On 7/22/05, stan <stan at saticed.me.uk> wrote:
> attack. Of course this is mute if the ntp user can escape the chroot as
> easily as root is able to.
>
>
More information about the ubuntu-devel
mailing list