Re: OpenBSD rootkit?
> On Sun, Jul 14, 2002, Jolan Luff wrote:
> > ssh -> privsep
> > apache -> chroot
>
> Chroot provides almost no extra security. It can be abused in many
> ways when an attacker gets uid=0 inside.
Which is why they run without uid 0.
> And this is possible with a little
> help from kernel bugs.
Go on, keep talking.
> Jail(2) syscall from FreeBSD provides limited environment and the
> *real* security for imprisoning processes.
Yes, that's a heck of a lot more code that can go wrong, too.