On Sun, 10 Dec 2000, Gunther Birznieks wrote:
> At 03:33 PM 12/10/00 +0100, Stas Bekman wrote:
> >Do you think I should include the scenario of making Apache run in chroot
> >environment in the guide?
> I think chroot Apache is important especially for dynamic services.

Definitely.

> For example, perhaps the mod_perl server and the HTML/images server should 
> be separately chrooted from each other? That way, someone who breaks the 
> dynamic script won't be able to mess with the frontpage of the website to 
> deface it assuming the hacker could get around permissions issues within 
> the chroot jail.

Why do you need the proxy server to be chrooted at all? What does that
gain you? After all, if Apache is insecure, you can break out of the
chroot()ed jail anyway.

> BTW, OT Question on the subject -- does anyone know if /chroot/etc/shadow is
> necessary once the chroot jail is in effect? The author creates a shadow 

Well, you've lost if you break root inside a traditional chroot() (as
opposed to FreeBSD4's jail()) - 
1) attacker can mknod() (and can therefore attack kmem).
2) attacker can call chroot()
   - int j; mkdir("./bin"); chroot("./bin");
     for(j=0;j<PATH_MAX;j++) chdir(".."); chroot(".");

In which case the shadow file can be there. What isn't there is a way to
get root (any suid programs or similar). You hope. :)

> file but it seemed odd to me. He also advocates copying it over and then 
> creating a new one from scratch which seems redundant and potentially 
> dangerous if the second step is forgotten.

Very much so, agreed.

MBM

-- 
Matthew Byng-Maddick   Home: <[EMAIL PROTECTED]>  +44 20  8981 8633  (Home)
http://colondot.net/   Work: <[EMAIL PROTECTED]> +44 7956 613942  (Mobile)
philosophy, n.:   Unintelligible answers to insoluble problems.
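
The thread's points about what should not be inside the jail (suid programs, device nodes, a copied-over shadow file with real hashes) can be checked mechanically. The following audit is an added example, not part of the original message; the function names, finding labels and the sample tree are constructed for illustration.

```python
import os
import stat
import tempfile

def shadow_findings(root):
    """Flag accounts in <root>/etc/shadow whose password field is not locked."""
    path = os.path.join(root, "etc", "shadow")
    if not os.path.isfile(path):
        return []
    found = []
    with open(path) as fh:
        for line in fh:
            fields = line.rstrip("\n").split(":")
            if len(fields) < 2 or line.startswith("#"):
                continue
            # "*" or a leading "!" marks an account that cannot log in by password
            if not fields[1].startswith(("*", "!")):
                found.append(("shadow-unlocked", "etc/shadow:" + fields[0]))
    return found

def audit_jail(root):
    """Return sorted (issue, path relative to root) findings for a jail tree."""
    findings = shadow_findings(root)
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode  # lstat: do not follow symlinks out of the tree
            rel = os.path.relpath(path, root)
            if stat.S_ISCHR(mode) or stat.S_ISBLK(mode):
                findings.append(("device-node", rel))
            elif stat.S_ISREG(mode) and mode & (stat.S_ISUID | stat.S_ISGID):
                findings.append(("setuid-or-setgid", rel))
    return sorted(findings)

def build_sample_jail(root):
    """Constructed sample tree: one setuid file, a shadow file with one live entry."""
    os.makedirs(os.path.join(root, "bin"))
    os.makedirs(os.path.join(root, "etc"))
    for name, mode in (("su", 0o4755), ("ls", 0o755)):
        path = os.path.join(root, "bin", name)
        open(path, "w").close()
        os.chmod(path, mode)
    with open(os.path.join(root, "etc", "shadow"), "w") as fh:
        fh.write("root:$1$constructed$notarealhash:11300:0:99999:7:::\n")
        fh.write("nobody:*:11300:0:99999:7:::\n")
        fh.write("httpd:!!:11300:0:99999:7:::\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_jail(tmp)
        for issue, where in audit_jail(tmp):
            print(issue, where)
```

Run against the real jail directory (for example the /chroot tree mentioned above) before starting the server; an empty result means none of the three conditions was found.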
