Re: chroot and re-mounted dirs
From: all mail refused (elvis_at_notatla.org.uk)
Date: 03/09/04
- Next message: Darren Tucker: "Re: how to re-use existing session?"
- Previous message: John: "hacked through ssh"
- In reply to: Kai Raven: "chroot and re-mounted dirs"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 9 Mar 2004 22:54:11 GMT
In article <pan.2004.03.09.19.57.11.741382@unimatrix.homelinux.com>,
Kai Raven wrote:
>is it a security hole,
Are you asking us to guess your unstated security goals?
> if I re-mount a directory outside the chroot in a
>subdirectory under the chrooted user's home dir, when the dir,
>subdirs and files are not owned by the chrooted user and the user has no
>write permissions or is it better to copy files under the user's dir?
I'd prefer to copy them if possible - then you might need some measures
to keep them current.
Having them mounted in 2 places suggests they're being used for different
things and that creates a risk that some inappropriate change will be made
without thinking of the full implications.
File access times might be used as a covert channel between programs
sharing access to the same files. Mounting read-only reduces risk.
Supposing an attacker gets root inside the chroot - normally that's
enough to break out of it.
-- Elvis Notargiacomo master AT barefaced DOT cheek
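
Added example (not part of the original post or thread): a small Python audit of the two mount properties the reply raises, read-only mounting and access times, for anything mounted beneath a chroot. The chroot path /home/jail, the sample mountinfo lines and the required-option policy are assumptions constructed for illustration.

```python
# Audit mounts beneath a chroot for the options discussed in the reply above.
# SAMPLE_MOUNTINFO is constructed; on a live Linux system pass the contents
# of /proc/self/mountinfo instead. /home/jail is a hypothetical chroot path.
import re

# Assumed policy: shared directories should be mounted read-only, and reads
# through the mount should not update access times.
REQUIRED = ("ro", "noatime")

SAMPLE_MOUNTINFO = """\
36 25 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw
97 36 8:1 /srv/docs /home/jail/docs ro,nosuid,nodev,noatime shared:1 - ext4 /dev/sda1 rw
98 36 8:1 /srv/tools /home/jail/tools rw,relatime shared:1 - ext4 /dev/sda1 rw
99 36 8:1 /srv/my\\040files /home/jail/my\\040files ro,relatime shared:1 - ext4 /dev/sda1 rw
100 36 8:1 /srv/x /home/jail2/x rw,relatime - ext4 /dev/sda1 rw
"""


def _unescape(field):
    # mountinfo writes space, tab, newline and backslash as \ooo octal escapes.
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)


def audit_chroot_mounts(mountinfo_text, chroot):
    """Return {mount_point: [missing options]} for mounts under chroot."""
    prefix = chroot.rstrip("/") + "/"
    findings = {}
    for line in mountinfo_text.splitlines():
        fields = line.split()
        # Fixed fields 0-5, optional fields, a "-" separator, then 3 more.
        if len(fields) < 10 or "-" not in fields[6:]:
            continue
        mount_point = _unescape(fields[4])
        if not mount_point.startswith(prefix):
            continue  # not beneath the chroot (also skips /home/jail2)
        per_mount_opts = set(fields[5].split(","))
        missing = [opt for opt in REQUIRED if opt not in per_mount_opts]
        if missing:
            findings[mount_point] = missing
    return findings


if __name__ == "__main__":
    for path, missing in audit_chroot_mounts(SAMPLE_MOUNTINFO, "/home/jail").items():
        print(f"{path}: missing {','.join(missing)}")
```

The check reads only the per-mount options of the mount inside the chroot; the same files reached through their original mount point are governed by that mount's options.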