using chroot option for ntpd

[Zach]

The very next step after gaining access is to escalate priveledges. 
This is often done through a priviledge escalation vulnerability (such
as a service which only listens local, but runs as root), or by
exploiting system misconfiguration such as loose permisisons or weak
passwords.  A chroot goes a long way toward preventing priveledge
escalation.

I can't comment on whether it is worthwhile to chroot ntpd,
specifically.  I don't now how easy it is to exploit, or whether such
an exploit would/could yield interactive access.  However if I recall
correctly, the original poster indicated that ntpd had an option that,
when used, caused it to chroot itself.  If this is the case then it
seems as if it would be fairly easy to do, so why not?

At any rate the upshot is this: an attacker that has gained access to
the system is one step closer to owning that machine.  Chrooting is a
useful mitigation strategy that makes that process more difficult.  As
the folks at SANS would say, "defense in depth."  Trite but true.

Cheers
Zach

On 7/23/05, Martin Pitt <martin.pitt at ubuntu.com> wrote:
> 
> Right, then it is trivially easy to escape. OTOH, with a normal user
> that has only minimal privileges (like the ntp user) you can't do
> anything serious in the system anyway any more, so there is only
> little benefit of chrooting at all.
>

-- 
http://www.freeiPods.com/?r=18267488