Re: End of bind-chroot-admin script
- From: Alan Cox <alan redhat com>
- To: Development discussions related to Fedora <fedora-devel-list redhat com>
- Subject: Re: End of bind-chroot-admin script
- Date: Mon, 10 Nov 2008 06:58:38 -0500
On Mon, Nov 10, 2008 at 01:34:23PM +0100, Adam Tkac wrote:
> Chroot is a good and traditional method of restricting daemons. Many users
> still use it and it is far easier to create a chroot configuration than
> to create/maintain an SELinux policy. I don't think SELinux obsoletes
> chroot; both try to restrict daemon privileges and both have + and -.
chroot isn't a security feature. It helps for some non-root cases but there
are ways out of chroots and there are all sorts of fun things that can be
used to escape a chroot in the right circumstances.
It's also inadequate for some forms of attack. If I can persuade your named to
run code of my choice in a chroot without SELinux then I can still use your
box as a spam machine, botnet host, DoS attack tool, proxy, etc., all without
breaking the chroot.
In the SELinux case a lot of those actions will hit SELinux denials.
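An audit check for the distinction drawn in the message above, added here as an example and not part of the original post: it reports whether a daemon process is chrooted, running in a confining SELinux domain, both, or neither. The list of unconfined types, the result labels and the sample values are assumptions made for this example.

```python
import os

# Assumed for this example: SELinux types that place no real limits on a process.
UNCONFINED_TYPES = {"unconfined_t", "unconfined_service_t", "initrc_t"}

def selinux_type(context):
    """Return the type field of 'user:role:type:level', or None if there is none."""
    parts = context.strip("\x00\n ").split(":")
    return parts[2] if len(parts) >= 3 and parts[2] else None

def assess(root, context):
    """Classify a process from its root directory and SELinux context."""
    chrooted = root not in ("", "/")
    stype = selinux_type(context)
    confined = stype is not None and stype not in UNCONFINED_TYPES
    if chrooted and confined:
        return "chroot+selinux"
    if chrooted:
        # Filesystem view is narrowed, but network use is not restricted.
        return "chroot-only"
    if confined:
        return "selinux-only"
    return "unrestricted"

def read_process(pid):
    """Read root and SELinux context for a live PID (usually needs root)."""
    root = os.readlink(f"/proc/{pid}/root")
    try:
        with open(f"/proc/{pid}/attr/current") as fh:
            context = fh.read()
    except OSError:
        # SELinux disabled or attribute unreadable: treat as no context.
        context = ""
    return root, context

# Constructed sample values, not taken from a real host.
SAMPLES = [
    ("/var/named/chroot", "system_u:system_r:named_t:s0\x00"),
    ("/var/named/chroot", ""),
    ("/", "system_u:system_r:named_t:s0"),
    ("/", "unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023"),
]

if __name__ == "__main__":
    for root, ctx in SAMPLES:
        print(f"{root!r:22} {ctx.strip(chr(0))!r:55} -> {assess(root, ctx)}")
```

On a live system, `assess(*read_process(pid))` gives the same classification for a running named process.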