using chroot option for ntpd
Martin Pitt
martin.pitt at ubuntu.com
Sat Jul 23 15:34:46 CDT 2005
Hi Stan!
stan [2005-07-22 15:43 +0100]:
> On Fri, 2005-07-22 at 10:17 +0200, Martin Pitt wrote:
> > stan [2005-07-22 8:32 +0100]:
> > > ntpd has a -i option to chroot itself, which the ntp-simple package
> > > isn't using. Is it worthwhile using it given that it does switch to a
> > > non root/restricted user?
> >
> > With the current default Linux kernel, chroots do nothing to improve
> > security.
>
> could you provide any pointers on this? Googling only indicates issues
> if root priviledges are able to be obtained in the chroot.
Right, then it is trivially easy to escape. OTOH, with a normal user
that has only minimal privileges (like the ntp user) you can't do
anything serious in the system anyway any more, so there is only
little benefit of chrooting at all.
> > ntpd runs as normal user, so it already has only minimal
> > privileges, and can't do anything serious on the hard disk anyway. So
> > what would be the benefit of chrooting it?
>
> Sounds like none, but I thought the chroot would stop access to
> e.g. /etc/passwd which would provide a username for a dictionary based
> attack.
Of course you can read /etc/passwd (and thus get a list of valid user
names), but I don't regard this as major issue. If you break ntpd and
get shell access, you already have a local user (if only a very low
privileged one) and can start attacking the kernel, etc.
That does not mean that I actively discourage derooting; it certainly
helps to improve security further. However, I don't want to invest
time in doing this stuff myself, but if anybody wants to work on that,
this is certainly appreciated. :-)
Martin
--
Martin Pitt http://www.piware.de
Ubuntu Developer http://www.ubuntu.com
Debian Developer http://www.debian.org
More information about the ubuntu-devel
mailing list