Firewall Wizards mailing list archives

Re: chroot useful?


From: Darren Reed <darrenr () cyber com au>
Date: Mon, 17 Nov 1997 11:38:01 +1100 (EST)

In some mail I received from Anton J Aylward, sie wrote

At 07:12 PM 16/11/97 +1100, Darren Reed wrote:
## Reply Start ##

[...mjr's email deleted...]

So, how many firewalls out there implemented with any of the common
operating systems (be they free or commercial) actually do this ?

Why not ask them.  Many claim to run "hardened" versions of 
BSD or LINUX.  Vulnerabilities and exploits are well publicized, 
and many of the developers read these lists.   I doubt many
are going to be so arrogant as to take a NIH approach to something
Marcus has contributed to the state of the technology ;-)

Well, the majority of the firewall market doesn't run on a "hardened"
version of the OS because that's not what FW-1 uses.

What % of the market do those selling hardened OS's make up ?

And for those using freely available bits and pieces...
How many people can hack their BSD/Linux systems appropriately ?
It's not anywhere near as easy as setting up ipfwadm rules(?).

Chroot() is just one way of implementing a technique of virtualizing
a file system - putting the process in a box, if you will.

Putting the process in a box requires more than just changing its concept
of the root file system.

Other modified kernels have made the sockets only accessible thru the file
system (/dev/tcp/smtp ==> handler to look up the next segment in the path
such as /dev/tcp/smtp/nfr.com for example; this one has been documented)

Which helps address some of the issues which go towards building a box
around a process.

[...]
What marcus did was redefine the specification of the kernel to say that
if a process is chroot()ed then it has reduced privilege.   He showed how
that could be SIMPLY implemented using existing systems, without having to 
invest in building a new system and preserving the investment in already
existing experience and technology.

It's what I would consider a "hack" and what you're describing is where
"hacks" fit in.  They usually don't, however, form a good basis for a product
or design.  (NOTE, if you've designed something to be a hack, I'd say it's
a kludge :)

Yes, I am working on something
to address this and other related issues without being too complacent
about it or naive about what the result will be.

This is a clean sheet design, right, which doesn't use ANY BSD or 
LINUX code?  Or any other stuff in the public domain?

Sigh...the best I can do is interface with existing code.  It's an
unfortunate position to be in but I don't want to reinvent Unix.
Sure, if someone paid me to do it, that'd be great, but they'd probably
want some sort of ownership of the work then too.

Darren
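As an added illustration of the point made above (that chroot() alone does not put a process in a box), here is a small C routine that performs the extra steps a practitioner would normally pair with chroot(): chdir() into the jail first, chroot(), chdir("/") so the working directory is inside the new root, drop supplementary groups, drop to an unprivileged gid and uid, and then verify that regaining root fails. This is example code written for this archive page, not code from Darren Reed, Marcus Ranum or any firewall product discussed in the thread; the function names `jail_check` and `enter_jail`, the choice of uid/gid 65534 in main(), and the path arguments are all assumptions of the example.

```c
/* Example: the minimum companions to chroot() for "putting a process in
 * a box". Added illustration, not code from the mailing-list thread. */
#define _GNU_SOURCE
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Pre-flight checks that need no privilege. They enforce the policy the
 * thread argues for: a chroot'd process that is still root is not boxed,
 * so a target identity of uid 0 or gid 0 is refused outright. */
int jail_check(const char *dir, uid_t uid, gid_t gid)
{
    struct stat st;

    if (dir == NULL || dir[0] != '/')   /* absolute path only */
        return -1;
    if (uid == 0 || gid == 0)           /* root inside a chroot is no box */
        return -1;
    if (stat(dir, &st) != 0)            /* jail directory must exist ... */
        return -1;
    if (!S_ISDIR(st.st_mode))           /* ... and be a directory */
        return -1;
    return 0;
}

/* Enter the jail and give up privilege. Returns 0 on success, -1 on any
 * failure; the caller should treat -1 as fatal. Requires root to succeed
 * at the chroot() step, but refuses the dangerous inputs before that. */
int enter_jail(const char *dir, uid_t uid, gid_t gid)
{
    if (jail_check(dir, uid, gid) != 0)
        return -1;
    if (chdir(dir) != 0)                /* cwd inside the jail first */
        return -1;
    if (chroot(dir) != 0)               /* change the root (needs root) */
        return -1;
    if (chdir("/") != 0)                /* never leave cwd outside new root */
        return -1;
    if (setgroups(0, NULL) != 0)        /* drop supplementary groups */
        return -1;
    if (setgid(gid) != 0)               /* drop group before user */
        return -1;
    if (setuid(uid) != 0)               /* drop user; irreversible */
        return -1;
    if (setuid(0) == 0)                 /* verify: regaining root must fail */
        return -1;
    return 0;
}

/* Stand-alone usage: ./a.out /path/to/jail   (must be started as root).
 * uid/gid 65534 ("nobody" on many systems) is an assumed example value. */
int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s /absolute/jail/dir\n", argv[0]);
        return 2;
    }
    if (enter_jail(argv[1], 65534, 65534) != 0) {
        perror("enter_jail");
        return 1;
    }
    printf("in jail as uid %u, cwd is /\n", (unsigned)getuid());
    return 0;
}
```

The order matters: chdir() before chroot() and chdir("/") after it close the classic "working directory outside the new root" hole, and setgid() must precede setuid() because once the uid is unprivileged the group can no longer be changed. Even with all of this, the jail still shares the kernel, devices and sockets with the host, which is the gap the thread's later paragraphs are about.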


