using chroot option for ntpd

Zach uid000 at gmail.com
Sat Jul 23 16:27:05 CDT 2005


But you still need the device node to mount or else have mknod, right?
At any rate chrooting a service running as root, I do not believe is
a pointless endeavor.  Am I wrong on this?

On 7/23/05, Martin Pitt <martin.pitt at ubuntu.com> wrote:
> Hi!
> 
> Zach [2005-07-22 21:13 -0400]:
> > The trick to making a chroot work is not providing any programs inside
> > the chroot that can be used to escape it, and not providing a way to
> > copy utilities to the system (which is the hard part).  For example if
> > the chroot contains mknod and the mount command (and dependencies)
> > the attacker (after gaining access) would attempt to mount /dev/hda1
> > to a mount point inside the chroot, at which point the attacker has
> > effectively "escaped" the chroot.
> 
> You don't need to provide the usual programs in a chroot to escape.
> You can e.g. mount a device using the system call mount(2).
> 
> Martin
> --
> Martin Pitt        http://www.piware.de
> Ubuntu Developer   http://www.ubuntu.com
> Debian Developer   http://www.debian.org
> 


-- 
http://www.freeiPods.com/?r=18267488
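
The question in this thread turns on whether the chrooted process can still call mount(2) or mknod(2) directly, which on Linux is decided by its effective capabilities rather than by which binaries sit in the jail. The following check is an added example, not code from the thread or from ntpd: it reads the `Uid` and `CapEff` lines of a `/proc/<pid>/status` dump and reports the capabilities that permit those two calls. The function names and both sample status texts are constructed for illustration.

```python
import re

# Linux capability bit numbers (linux/capability.h).
CAP_SYS_ADMIN = 21  # needed for mount(2)
CAP_MKNOD = 27      # needed for mknod(2) on device nodes
RISKY = {"CAP_SYS_ADMIN": CAP_SYS_ADMIN, "CAP_MKNOD": CAP_MKNOD}

# Constructed sample: daemon still running as root with a full capability set.
ROOT_STATUS = "Name:\tntpd\nUid:\t0\t0\t0\t0\nCapEff:\t0000003fffffffff\n"
# Constructed sample: daemon that switched to an unprivileged uid and kept
# only bits 10 and 25 (CAP_NET_BIND_SERVICE, CAP_SYS_TIME).
DROPPED_STATUS = "Name:\tntpd\nUid:\t123\t123\t123\t123\nCapEff:\t0000000002000400\n"


def parse_status(text):
    """Return (effective_uid, effective_capability_mask) from status text."""
    uid = re.search(r"^Uid:\s+\d+\s+(\d+)", text, re.M)
    cap = re.search(r"^CapEff:\s+([0-9a-fA-F]+)", text, re.M)
    if not uid or not cap:
        raise ValueError("status text lacks a Uid or CapEff line")
    return int(uid.group(1)), int(cap.group(1), 16)


def chroot_escape_caps(text):
    """Names of held capabilities that allow mount(2) or mknod(2)."""
    _, mask = parse_status(text)
    return sorted(name for name, bit in RISKY.items() if (mask >> bit) & 1)


def assess(text):
    """One-line verdict for a chrooted service's status dump."""
    euid, _ = parse_status(text)
    held = chroot_escape_caps(text)
    if held:
        return "euid=%d retains %s: chroot alone does not confine it" % (
            euid, ", ".join(held))
    return "euid=%d cannot mount or create device nodes" % euid


if __name__ == "__main__":
    for sample in (ROOT_STATUS, DROPPED_STATUS):
        print(assess(sample))
    # On a Linux host, the same check against the current process:
    with open("/proc/self/status") as fh:
        print(assess(fh.read()))
```
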


