Re: Buffer Overflows: A Summary

Adam Shostack (adam@HOMEPORT.ORG)
Mon, 05 May 1997 21:59:33 -0400

That's not to say that chroot isn't useful. It simply raises
the bar less than it used to.

The Janus work by Dave Wagner, Ian Goldberg and others at UCB
is very interesting. They use ptrace to hook their own checking
routines into certain system calls (open, connect, exec) and check the
args to the call against a config file.

It only runs on Solaris right now, but it's an interesting
approach that adds a layer of security. I played with using it under
named, but decided to go with chroot for portability to my other
machines.

http://www.cs.berkeley.edu/~daw/janus/

Adam

Thomas H. Ptacek wrote:
|>Another alternative that has the advantage of already existing and being
|>relatively easy to use is the chroot() system call. For example, named would
|>be a much less attractive target if it chroot()ed to /etc/namedb (or whatever)
|>as soon as it knew where its startup directory was. Then all named could do is
|>mangle your name service files.
|
| On almost all Unix operating systems, having superuser access in a
| chroot() jail is still dangerous. In some recent revisions of 4.4BSD
| operating systems, root can trivially escape chroot(), as well.

--
"It is seldom that liberty of any kind is lost all at once."
                                                       -Hume
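
The message above describes checking the arguments of open, connect and exec against a config file. The following is an added example of that argument check, not code from Janus or from this post: the rule table, its layout, the function names and the sample paths and addresses are assumptions, and the ptrace hooking itself is left out.

```c
#include <fnmatch.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical rule table (not Janus's config syntax); first match wins. */
struct rule { const char *call; const char *pattern; int allow; };
static const struct rule policy[] = {
    { "open",    "/etc/namedb/*", 1 },
    { "connect", "*:53",          1 },
    { "*",       "*",             0 },  /* default deny, covers exec */
};

/* Lexically collapse "//", "." and ".." so "/etc/namedb/../passwd" is
 * judged as "/etc/passwd". Symlinks are not resolved here.
 * Returns -1 for relative or overlong paths. */
static int normalize(const char *in, char *out, size_t cap)
{
    size_t n = 0;
    if (in[0] != '/' || strlen(in) + 2 > cap) return -1;
    while (*in) {
        while (*in == '/') in++;
        size_t len = strcspn(in, "/");
        if (len == 0) break;
        if (len == 2 && in[0] == '.' && in[1] == '.') {
            while (n > 0 && out[--n] != '/') ;   /* drop last component */
        } else if (!(len == 1 && in[0] == '.')) {
            out[n++] = '/';
            memcpy(out + n, in, len);
            n += len;
        }
        in += len;
    }
    if (n == 0) out[n++] = '/';
    out[n] = '\0';
    return 0;
}

/* Returns 1 to let the call proceed, 0 to refuse it. */
int check_call(const char *call, const char *arg)
{
    char buf[1024];
    const char *subject = arg;          /* connect: "addr:port" as given */
    if (strcmp(call, "connect") != 0) { /* open/exec: canonical path */
        if (normalize(arg, buf, sizeof buf) != 0) return 0;
        subject = buf;
    }
    for (size_t i = 0; i < sizeof policy / sizeof policy[0]; i++)
        if (!fnmatch(policy[i].call, call, 0) && !fnmatch(policy[i].pattern, subject, 0))
            return policy[i].allow;
    return 0;
}
```
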