Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Chroot jails

from [Wall, Kevin] Network Security [Permanent Link]
Subject: RE: Chroot jails
Date: Wed, 21 Sep 2005 07:54:13 -0500 
Antoine Martin writes...


Wondered if people could give me their opinions on chroot jails

AFAIK, chroot on linux is fundamentally insecure - look for the
'chroot-again' flaw.
Last time I checked it still worked and allowed to escape.

A chrooted jail without dropping privileges is vain anyway.
Indeed. Which is why I prefer:
  http://www.suse.de/~marc/compartment.html
Unlike chroot you can drop privileges in one swoop.
It deserves to be mentioned in this thread.


'compartment' looks like like a separate executable, typically
invoked at the shell level.

Is there anything like this in SuSE or other *nix variations that
does something similar to this in a single, atomic system call?
---
Kevin W. Wall           Qwest Information Technology, Inc.
Kevin.Wall@qwest.com    Phone: 614.215.4788
"The reason you have people breaking into your software all 
over the place is because your software sucks..."
 -- Former whitehouse cybersecurity advisor, Richard Clarke,
    at eWeek Security Summit
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Chroot jails, Paul Wong
Next by Date:  Re: NTLM and man-in-the-middle proxies not working, Amit Klein (AKsecurity)
Previous by Thread:  RE: Chroot jails, Craig Wright
Next by Thread:  HTTP Request Smuggling - ERRATA (the IIS 48K buffer phenomenon), Amit Klein (AKsecurity)
Indexes:  [Date] [Thread] [Top] [All Lists]