On Tue, 14 Jul 1998, Carlos Barros wrote:
> On Tue, 14 Jul 1998, cfb wrote:
>
> > The main problem seems to be with the way that debian starts bind using
> > the script /etc/init.d/bind. I thought it would be really neat to just
> > change the #!/bin/sh at the top of the script to something like :
> > #!/usr/sbin/chroot /chroot-dns/ /bin/sh
> > or
> > #!/usr/sbin/chroot /chroot-dns/ /chroot-dns/bin/sh
>
>
> try changing only the line that starts the bind daemon eg:
>
> chroot /chroot-dns/ /bin/named

What does this chroot give you? Actually this is protection against simple
exec("/bin/sh") but every cracker may put chroot("/") before this and all
the protection is destroyed.

[mod: It is slightly less trivial than 'chroot("/")', but if you can
execute arbitrary code as root, you can break out of the chrooted
environment. --REW]

My idea is to run named with a non-root UID/GID. As named needs to bind port 53,
which is below 1024, there is a problem executing it. One solution is to
rewrite the named code (like httpd); another is to make a hole in the
kernel. Both are nonstandard solutions. It is also possible to use
some portwrapper/redir. Does anyone use some of these?
[mod: Patches are floating around. -- REW]
---
Cougar
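
The ordering the message above argues for (bind port 53 while still root, enter the jail, then drop root so the chroot cannot be undone), as an added example that is not part of the original thread and not named's code. The function names `bind_udp` and `jail_and_drop` and the uid/gid 65534 are assumptions; `/chroot-dns` is the jail path from the thread.

```c
#define _DEFAULT_SOURCE 1   /* for chroot() and setgroups() on glibc */
#include <grp.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Step 1, as root: bind the port below 1024. Returns the socket or -1. */
int bind_udp(unsigned short port)
{
    struct sockaddr_in sa;
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0)
        return -1;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_ANY);
    sa.sin_port = htons(port);
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Step 2: enter the jail, then give up root for good. Returns 0 or -1. */
int jail_and_drop(const char *jail, uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0)        /* staying root defeats the jail */
        return -1;
    if (chroot(jail) < 0 || chdir("/") < 0)
        return -1;
    /* Groups and gid first, uid last: each call still needs root. */
    if (setgroups(0, NULL) < 0 || setgid(gid) < 0 || setuid(uid) < 0)
        return -1;
    /* The drop must be irreversible: regaining uid 0 has to fail. */
    return (setuid(0) == 0 || geteuid() != uid) ? -1 : 0;
}

int main(void)
{
    int fd = bind_udp(53);           /* 65534: assumed unprivileged id */
    if (fd < 0 || jail_and_drop("/chroot-dns", 65534, 65534) < 0) {
        perror("setup");
        return 1;
    }
    /* ... answer queries on fd as the unprivileged user ... */
    close(fd);
    return 0;
}
```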