[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: OpenBSD rootkit?

To: tech@openbsd.org
Subject: Re: OpenBSD rootkit?
From: Henning Brauer <lists-openbsdtech@bsws.de>
Date: Sun, 14 Jul 2002 14:52:42 +0200
Content-Disposition: inline
Mail-Followup-To: tech@openbsd.org
References: <20020714162911.H869@tigerteam.net> <Pine.BSF.4.32L2.0207140408110.42129-100000@shell-3.enteract.com> <20020714094425.GA48873@lagoon.freebsd.lublin.pl>

On Sun, Jul 14, 2002 at 11:44:25AM +0200, Przemyslaw Frasunek wrote:
> On Sun, Jul 14, 2002, Jolan Luff wrote:
> > ssh -> privsep
> > apache -> chroot
> 
> Chroot provides almost no extra security. It can be abused in many
> ways when attacker gets uid=0 inside. And this is possible with a little
> help from kernel bugs. 

what about actually checking what we've done with apache before rumbling.
httpd does not only chroot but drops permissions too now.

Follow-Ups:
- Apache Chroot
  - From: "Randall Augustus Alexander" <openbsd@zonedzero.net>

References:
- Re: OpenBSD rootkit?
  - From: Fyodor <fygrave@tigerteam.net>
- Re: OpenBSD rootkit?
  - From: Jolan Luff <jolan@enteract.com>
- Re: OpenBSD rootkit?
  - From: Przemyslaw Frasunek <venglin@freebsd.lublin.pl>

Prev by Date: Re: OpenBSD rootkit?
Next by Date: Re: OpenBSD rootkit?
Prev by thread: Re: OpenBSD rootkit?
Next by thread: Apache Chroot
Index(es):
- Date
- Thread