Bugtraq mailing list archives
Re: response to the bugtraq report of buffer overruns in imapd LIST command
From: Darren.Moffat () UK SUN COM (Darren Moffat - Solaris Sustaining Engineering)
Date: Tue, 18 Apr 2000 10:04:42 +0100
> Last but not least, I am very interested in Kris Kennaway's claim that "It may also be possible to break out of the chroot jail on some platforms." If

It is possible, especially if you have /proc mounted. It is made even more likely if you have processes inside and outside of the chroot environment running under the same uid. Note that if /proc is mounted it is very difficult, nay impossible in many systems, to contain the root user inside a chroot environment.

Other possible escape routes are likely if you are using lofs (loopback mounts) to bring in outside data into the chroot, for example running imapd in a chroot and the lofs mounting /var/mail into the chroot. Be very careful about what you bring into the chroot environment.

chroot is NOT a security feature; it never was intended as one. However, many people use it as one, as it helps to limit the impact of a service being exploited, but do NOT ever rely on not being able to break out of the chroot.

My general feeling is that if you wouldn't be happy running the service outside of a chroot environment then you shouldn't run it at all. I'm not saying don't use chroot; what I'm saying is don't use it as an excuse to not fix security bugs.

--
Darren J Moffat
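
An added example, not part of the original post: a small audit for the three conditions the message names (/proc mounted inside the chroot, lofs mounts into it, and a uid with processes on both sides of it). It assumes Solaris-style mnttab lines (special, mount point, fstype as the first three fields) and a process list collected by the caller; the paths, uids and function names are constructed for illustration.

```python
import posixpath

# fstype -> why it weakens a chroot, per the conditions named in the message
RISKY_FSTYPES = {
    "proc": "/proc is visible inside the chroot",
    "lofs": "loopback mount brings outside data into the chroot",
}

def inside(path, jail):
    """True if path is the jail directory itself or lies beneath it."""
    path, jail = posixpath.normpath(path), posixpath.normpath(jail)
    # Compare on a path-component boundary so /jail/imapd-old != /jail/imap
    return path == jail or path.startswith(jail.rstrip("/") + "/")

def audit_chroot(mnttab_text, procs, jail):
    """Return a list of findings for one chroot directory.

    mnttab_text: lines of 'special mount_point fstype options time' (assumed)
    procs: iterable of (pid, uid, root_dir) tuples supplied by the caller
    """
    findings = []
    for line in mnttab_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith("#"):
            continue  # skip blank, short or comment lines
        special, mount_point, fstype = fields[:3]
        if fstype in RISKY_FSTYPES and inside(mount_point, jail):
            findings.append(f"mount {mount_point} ({fstype} from {special}): "
                            f"{RISKY_FSTYPES[fstype]}")
    uids_in = {uid for _, uid, root in procs if inside(root, jail)}
    uids_out = {uid for _, uid, root in procs if not inside(root, jail)}
    for uid in sorted(uids_in & uids_out):
        findings.append(f"uid {uid} runs processes both inside and outside the chroot")
    return findings

# Constructed sample data (not taken from any real system)
SAMPLE_MNTTAB = """\
/dev/dsk/c0t0d0s0 / ufs rw 955000000
/proc /proc proc rw 955000000
/proc /jail/imap/proc proc rw 955000100
/var/mail /jail/imap/var/mail lofs rw 955000200
/export/home /jail/imapd-old/home lofs ro 955000300
"""
SAMPLE_PROCS = [(101, 0, "/"), (230, 60001, "/"),
                (412, 60001, "/jail/imap"), (413, 70, "/jail/imap")]

if __name__ == "__main__":
    for finding in audit_chroot(SAMPLE_MNTTAB, SAMPLE_PROCS, "/jail/imap"):
        print(finding)
```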