Firewall Wizards mailing list archives

Re: Proxy firewall design.


From: mcnabb () argus-systems com (Paul McNabb)
Date: Thu, 12 Mar 1998 16:31:02 -0600

 > I hope the ``chroot escape hole'' is fixed (as discussed here a few
 > weeks ago).
 
 The safe assumption is that the superuser can always evade chroot()
 protection.

I think it is a bit futile to try to isolate a network service by
putting its daemon in a chroot box.  Not only do you have the bother
of setting up and maintaining the box, but you haven't really isolated
the daemon.  It can still go through other network interfaces that you
don't want it to, it can signal processes, set up IPC connections, use
the STREAMS/socket interface to talk to other daemons listening, etc.
And above all, if there is any superuser/root ability associated with
the chroot box or daemon, the daemon may be able to escape.

You can completely and permanently isolate a process using other
mechanisms that are designed to isolate a process, namely trusted
OSes.  Trying to use other mechanisms is like using a saw to hammer
a nail.  chroot is a great tool, but the wrong one for this job.
Use chroot to provide a virtual file system environment, not to
isolate and protect a daemon.

paul

---------------------------------------------------------
Paul McNabb                     Argus Systems Group, Inc.
Vice President and CTO          1809 Woodfield Drive
mcnabb () argus-systems com        Savoy, IL 61874 USA
TEL 217-355-6308
FAX 217-355-1433                "Securing the Future"
---------------------------------------------------------
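An added example (not from the post or its author) that turns the point above into a defender's check: a chroot is only a file-system view, so the thing to audit is whether the jailed daemon still holds root or capabilities that let it act outside the jail. The script parses the `Uid:` and `CapEff:` lines of a `/proc/<pid>/status` file together with the target of `/proc/<pid>/root`; the two status texts are constructed samples, and the capability bit numbers are taken from `linux/capability.h`.

```python
"""Audit a chroot()ed daemon for privileges that make the chroot meaningless.

Input is the text of /proc/<pid>/status plus the readlink target of
/proc/<pid>/root ("/" means the process is not chrooted at all).
"""

# Capability bit numbers from linux/capability.h (Linux).  Any of these lets
# a process act outside the file-system view that chroot provides.
DANGEROUS_CAPS = {
    "CAP_KILL": 5,         # signal processes outside the jail
    "CAP_NET_ADMIN": 12,   # reconfigure interfaces, routes, firewall
    "CAP_SYS_CHROOT": 18,  # call chroot() again and walk back out
    "CAP_SYS_PTRACE": 19,  # attach to processes outside the jail
    "CAP_SYS_ADMIN": 21,   # mount and a great deal more
    "CAP_MKNOD": 27,       # create device nodes inside the jail
}


def parse_status(text):
    """Turn the 'Key:\tvalue' lines of /proc/<pid>/status into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, val = line.partition(":")
        if sep:
            fields[key.strip()] = val.strip()
    return fields


def audit(status_text, root_link):
    """Return a list of findings; an empty list means the jail holds up on
    the uid/capability axis (network, IPC and signals still need review)."""
    f = parse_status(status_text)
    findings = []
    if root_link == "/":
        findings.append("not chrooted")
    # Uid line lists real, effective, saved and filesystem uid.
    if any(u == "0" for u in f.get("Uid", "").split()):
        findings.append("runs with uid 0 (real/effective/saved)")
    cap_eff = int(f.get("CapEff", "0"), 16)
    for name, bit in sorted(DANGEROUS_CAPS.items(), key=lambda kv: kv[1]):
        if (cap_eff >> bit) & 1:
            findings.append("holds " + name)
    return findings


def audit_pid(pid):
    """Run the audit against a live process (needs permission to read /proc/<pid>)."""
    import os
    with open("/proc/%d/status" % pid) as fh:
        status = fh.read()
    return audit(status, os.readlink("/proc/%d/root" % pid))


# Constructed sample: a daemon chrooted while still root with full capabilities.
ROOT_DAEMON_STATUS = """Name:\tproxyd
Uid:\t0\t0\t0\t0
Gid:\t0\t0\t0\t0
CapEff:\t000001ffffffffff
"""

# Constructed sample: the same daemon after dropping to an unprivileged
# uid/gid and clearing its capability set before serving requests.
UNPRIV_DAEMON_STATUS = """Name:\tproxyd
Uid:\t65534\t65534\t65534\t65534
Gid:\t65534\t65534\t65534\t65534
CapEff:\t0000000000000000
"""

if __name__ == "__main__":
    for label, text in (("root", ROOT_DAEMON_STATUS), ("unpriv", UNPRIV_DAEMON_STATUS)):
        print(label, audit(text, "/srv/jail") or ["no uid/capability findings"])
```

The order the check encodes is the one that matters when you do use chroot for a file-system view: `chroot()` first (it needs root), `chdir("/")`, then drop group and user ids and clear capabilities, so that by the time the daemon handles network input it no longer has any of the abilities listed in `DANGEROUS_CAPS`.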