Stefan Monnier
1997-May-05 09:23 UTC
Re: [linux-security] Re: Re: Re: Buffer Overflows: A Summary
Phexro <ieure@linknet.kitsap.lib.wa.us> writes:

> chroot()'d processes. So, important system calls could be modified thus:

Since there are tons of syscalls and new ones appearing all the time, "Fixing" some of them doesn't seem like a good idea. It seems more reasonable to deny access to all of them, except for a few specific ones (that can moreover be modified so as to limit their strength). Still, it would be a big hassle and probably not worth it.

> [mod: We thought about this, and always Linus could come up with
> another way to break out of the "jail". Feel free to delve in and

I'm fairly convinced that to really get something reasonable, you need to totally redesign the OS with this "virtual machine" in mind. Several research projects follow such a path (with further expectation also, of course).

[mod: Yes. One "catchall" would be to modify "suser()" to return (uid==0) && (current->root == THE_ROOT). That would make a uid==0 in a chrooted environment just another user. Just with a special uid. But still you would have to review the WHOLE system to be sure that no holes remain.... --REW]

Stefan
Andrew G. Morgan
1997-May-05 15:41 UTC
Re: [linux-security] Re: Re: Re: Re: Buffer Overflows: A Summary
> [mod: Yes. One "catchall" would be to modify "suser()" to return
> (uid==0) && (current->root == THE_ROOT). That would make a uid==0 in a
> chrooted environment just another user. Just with a special uid. But
> still you would have to review the WHOLE system to be sure that no
> holes remain.... --REW]

Another would be to adopt the linux-privs (POSIX.1e aka. POSIX 6) model

http://parc.power.net/morgan/Orange-Linux/linux-privs/index.html

and adopt individual capabilities/privileges instead of having a single omnipotent superuser. By removing capability sets from the files in your chroot prison cell it should be possible to secure it against escape by any user...

Cheers

Andrew
--
Linux-PAM, libpwdb, Orange-Linux and Linux-GSS
http://parc.power.net/morgan/index.html
[ For those that prefer FTP --- ftp://ftp.lalug.org/morgan ]
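
An added example, not part of the thread or of the linux-privs code: a C check that a uid-0 process meant to live in a chroot no longer holds capabilities that matter for staying confined. It assumes the `CapEff:` hex line of `/proc/<pid>/status` on current Linux kernels and the bit numbers from `<linux/capability.h>`; which capabilities to flag is this example's assumption, and the status text is constructed sample input.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Bit numbers from <linux/capability.h>. The selection flagged for a
 * chrooted process is this example's assumption, not a list from the thread. */
struct cap { int bit; const char *name; };
static const struct cap JAIL_RISK[] = {
    {16, "CAP_SYS_MODULE"}, {17, "CAP_SYS_RAWIO"}, {18, "CAP_SYS_CHROOT"},
    {19, "CAP_SYS_PTRACE"}, {21, "CAP_SYS_ADMIN"}, {27, "CAP_MKNOD"},
};
#define N_RISK (sizeof JAIL_RISK / sizeof JAIL_RISK[0])

/* Find "<field>:" at the start of a line in status-format text and parse its
 * hex mask. Returns 0 on success, -1 if the field is missing or has no value. */
int parse_cap_field(const char *status, const char *field,
                    unsigned long long *mask)
{
    size_t flen = strlen(field);
    for (const char *p = status; p && *p; p = strchr(p, '\n'), p = p ? p + 1 : p) {
        if (strncmp(p, field, flen) != 0 || p[flen] != ':')
            continue;
        const char *v = p + flen + 1;
        while (*v == ' ' || *v == '\t') v++;
        if (!isxdigit((unsigned char)*v))   /* empty value: do not read on */
            return -1;
        *mask = strtoull(v, NULL, 16);
        return 0;
    }
    return -1;
}

/* Count flagged capabilities set in mask; name each one when verbose. */
int count_jail_risk(unsigned long long mask, int verbose)
{
    int n = 0;
    for (size_t i = 0; i < N_RISK; i++)
        if (mask & (1ULL << JAIL_RISK[i].bit)) {
            if (verbose) printf("  still holds %s\n", JAIL_RISK[i].name);
            n++;
        }
    return n;
}

int main(void)
{
    /* Constructed sample: uid 0 with a full effective set (bits 0..40). */
    const char *st = "Name:\tjailed\nUid:\t0\t0\t0\t0\nCapEff:\t000001ffffffffff\n";
    unsigned long long m;
    if (parse_cap_field(st, "CapEff", &m) != 0) return 2;
    return count_jail_risk(m, 1) ? 1 : 0;   /* non-zero exit: jail too strong */
}
```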