Re: chroot, su and sudo

2003-06-16 Thread Steve Johnson 
Why not just use the start-stop-daemon prog that comes with debian?  
Using the --chuid and --chroot flags?  I've used those to start MOHAA
servers with no issues?  Anyone else know if this way is actually
secure? 

thanks,
steve

On Mon, 2003-06-16 at 03:22, Mario Ohnewald wrote:
> Hello!
> I want to chroot a application/gameserver.
> 
> What is the better/securest way?
> 1.) "Chroot /path" and then do a "su -s /bin/sh user -c  start.sh"
> or
> 2.) "su -s /bin/sh user" and then do the "chroot /path" as normal user and
> execute the "start.sh" in the chroot?
> 
> Solution 2 does not need a root shell at all, why i think it is a little
> more secure.
> What do you think? WHat do u recommend? How would do solve this?
> 
> 
> Cheers, Mario
> 
> 
> 
> 
> -- 
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
-- 
You can get my public key at 
or search for KeyID 0x0F737450 at www.keyserver.net


signature.asc
Description: This is a digitally signed message part

Re: chroot, su and sudo

2003-06-16 Thread Steve Johnson 
Why not just use the start-stop-daemon prog that comes with debian?  
Using the --chuid and --chroot flags?  I've used those to start MOHAA
servers with no issues?  Anyone else know if this way is actually
secure? 

thanks,
steve

On Mon, 2003-06-16 at 03:22, Mario Ohnewald wrote:
> Hello!
> I want to chroot a application/gameserver.
> 
> What is the better/securest way?
> 1.) "Chroot /path" and then do a "su -s /bin/sh user -c  start.sh"
> or
> 2.) "su -s /bin/sh user" and then do the "chroot /path" as normal user and
> execute the "start.sh" in the chroot?
> 
> Solution 2 does not need a root shell at all, why i think it is a little
> more secure.
> What do you think? WHat do u recommend? How would do solve this?
> 
> 
> Cheers, Mario
> 
> 
> 
> 
> -- 
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
-- 
You can get my public key at 
or search for KeyID 0x0F737450 at www.keyserver.net


signature.asc
Description: This is a digitally signed message part

Re: chroot, su and sudo

2003-06-16 Thread Lars Ellenberg 
On Mon, Jun 16, 2003 at 10:22:49AM +0200, Mario Ohnewald wrote:
> I want to chroot a application/gameserver.

I played with pam_chroot recently...  unfortunately I found
not much documentation about its intended usage.  whether it
realy suits my needs, I don't know yet.

I'd like to read your comments on this.

you'd need something like user game group game,
put into /etc/security/chroot.conf
game/chroot/game
and into each pam service configuration which should use
this, e.g. /etc/pam.d/su
account optional pam_chroot.so debug
(whether optional is the right choice I don't know)
restrict access to the user with pam_access.

Lars

Re: chroot, su and sudo

2003-06-16 Thread Vincent Hanquez 
On Mon, Jun 16, 2003 at 10:54:54AM +0200, Mario Ohnewald wrote:
> Not even with sudo?

Hmm, this way it will work

-- 
Tab


pgpNe4F7mIpKh.pgp
Description: PGP signature

Re: chroot, su and sudo

2003-06-16 Thread Blars Blarson 
In article <[EMAIL PROTECTED]> 
[EMAIL PROTECTED] writes:
>Hello!
>I want to chroot a application/gameserver.
>
>What is the better/securest way?
>1.) "Chroot /path" and then do a "su -s /bin/sh user -c  start.sh"
>or
>2.) "su -s /bin/sh user" and then do the "chroot /path" as normal user and
>execute the "start.sh" in the chroot?
>
>Solution 2 does not need a root shell at all, why i think it is a little
>more secure.
>What do you think? WHat do u recommend? How would do solve this?

chroot is a priveleged system call that can be used to bypass
security.  If you let me chroot as a normal user in a directory I set
up, you might as well have just given me the root password.

Best would be a setuid root program that is paranoid about any
paramaters or directories it is passed, that only runs untrusted code
as a non-priveleged user.  chroot is not a mystical incantation to
make things safe.  Used properly, it can enhance security, used poorly
it will bypass security.

-- 
Blars Blarson   [EMAIL PROTECTED]
http://www.blars.org/blars.html
"Text is a way we cheat time." -- Patrick Nielsen Hayden

RE: chroot, su and sudo

2003-06-16 Thread Mario Ohnewald 
Hi,

>-Original Message-
>From: Vincent Hanquez [mailto:[EMAIL PROTECTED]
>Sent: Monday, June 16, 2003 10:46 AM
>To: Mario Ohnewald
>Cc: debian-security@lists.debian.org
>Subject: Re: chroot, su and sudo
>
>
>On Mon, Jun 16, 2003 at 10:22:49AM +0200, Mario Ohnewald wrote:
>> Hello!
>> I want to chroot a application/gameserver.
>>
>> What is the better/securest way?
>> 1.) "Chroot /path" and then do a "su -s /bin/sh user -c  start.sh"
>> or
>> 2.) "su -s /bin/sh user" and then do the "chroot /path" as
>normal user and
>> execute the "start.sh" in the chroot?
>>
>> Solution 2 does not need a root shell at all, why i think it is a little
>> more secure.
>> What do you think? WHat do u recommend? How would do solve this?
>
>You can't chroot as normal user. So solution 1.

Not even with sudo?


Cheers, Mario

Re: chroot, su and sudo

2003-06-16 Thread Vincent Hanquez 
On Mon, Jun 16, 2003 at 10:22:49AM +0200, Mario Ohnewald wrote:
> Hello!
> I want to chroot a application/gameserver.
> 
> What is the better/securest way?
> 1.) "Chroot /path" and then do a "su -s /bin/sh user -c  start.sh"
> or
> 2.) "su -s /bin/sh user" and then do the "chroot /path" as normal user and
> execute the "start.sh" in the chroot?
> 
> Solution 2 does not need a root shell at all, why i think it is a little
> more secure.
> What do you think? WHat do u recommend? How would do solve this?

You can't chroot as normal user. So solution 1.

-- 
Tab


pgpS2FUmQh0CN.pgp
Description: PGP signature

Re: chroot, su and sudo

2003-06-16 Thread Lars Ellenberg 
On Mon, Jun 16, 2003 at 10:22:49AM +0200, Mario Ohnewald wrote:
> I want to chroot a application/gameserver.

I played with pam_chroot recently...  unfortunately I found
not much documentation about its intended usage.  whether it
realy suits my needs, I don't know yet.

I'd like to read your comments on this.

you'd need something like user game group game,
put into /etc/security/chroot.conf
game/chroot/game
and into each pam service configuration which should use
this, e.g. /etc/pam.d/su
account optional pam_chroot.so debug
(whether optional is the right choice I don't know)
restrict access to the user with pam_access.

Lars


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: chroot, su and sudo

2003-06-16 Thread Vincent Hanquez 
On Mon, Jun 16, 2003 at 10:54:54AM +0200, Mario Ohnewald wrote:
> Not even with sudo?

Hmm, this way it will work

-- 
Tab


pgp0.pgp
Description: PGP signature

Re: chroot, su and sudo

2003-06-16 Thread Blars Blarson 
In article <[EMAIL PROTECTED]> 
[EMAIL PROTECTED] writes:
>Hello!
>I want to chroot a application/gameserver.
>
>What is the better/securest way?
>1.) "Chroot /path" and then do a "su -s /bin/sh user -c  start.sh"
>or
>2.) "su -s /bin/sh user" and then do the "chroot /path" as normal user and
>execute the "start.sh" in the chroot?
>
>Solution 2 does not need a root shell at all, why i think it is a little
>more secure.
>What do you think? WHat do u recommend? How would do solve this?

chroot is a priveleged system call that can be used to bypass
security.  If you let me chroot as a normal user in a directory I set
up, you might as well have just given me the root password.

Best would be a setuid root program that is paranoid about any
paramaters or directories it is passed, that only runs untrusted code
as a non-priveleged user.  chroot is not a mystical incantation to
make things safe.  Used properly, it can enhance security, used poorly
it will bypass security.

-- 
Blars Blarson   [EMAIL PROTECTED]
http://www.blars.org/blars.html
"Text is a way we cheat time." -- Patrick Nielsen Hayden


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

RE: chroot, su and sudo

2003-06-16 Thread Mario Ohnewald 
Hi,

>-Original Message-
>From: Vincent Hanquez [mailto:[EMAIL PROTECTED]
>Sent: Monday, June 16, 2003 10:46 AM
>To: Mario Ohnewald
>Cc: [EMAIL PROTECTED]
>Subject: Re: chroot, su and sudo
>
>
>On Mon, Jun 16, 2003 at 10:22:49AM +0200, Mario Ohnewald wrote:
>> Hello!
>> I want to chroot a application/gameserver.
>>
>> What is the better/securest way?
>> 1.) "Chroot /path" and then do a "su -s /bin/sh user -c  start.sh"
>> or
>> 2.) "su -s /bin/sh user" and then do the "chroot /path" as
>normal user and
>> execute the "start.sh" in the chroot?
>>
>> Solution 2 does not need a root shell at all, why i think it is a little
>> more secure.
>> What do you think? WHat do u recommend? How would do solve this?
>
>You can't chroot as normal user. So solution 1.

Not even with sudo?


Cheers, Mario




-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: chroot, su and sudo

2003-06-16 Thread Vincent Hanquez 
On Mon, Jun 16, 2003 at 10:22:49AM +0200, Mario Ohnewald wrote:
> Hello!
> I want to chroot a application/gameserver.
> 
> What is the better/securest way?
> 1.) "Chroot /path" and then do a "su -s /bin/sh user -c  start.sh"
> or
> 2.) "su -s /bin/sh user" and then do the "chroot /path" as normal user and
> execute the "start.sh" in the chroot?
> 
> Solution 2 does not need a root shell at all, why i think it is a little
> more secure.
> What do you think? WHat do u recommend? How would do solve this?

You can't chroot as normal user. So solution 1.

-- 
Tab


pgp0.pgp
Description: PGP signature