Re: Buffer Overflows: A Summary

Eilon Gishri (eilon@ARISTO.TAU.AC.IL)
Wed, 07 May 1997 00:59:21 +0300

On Mon, May 05, 1997 at 09:59:33PM -0400, Adam Shostack wrote:
> That's not to say that chroot isn't useful. It simply raises
> the bar less than it used to.
>
> The Janus work by Dave Wagner, Ian Goldberg and others at UCB
> is very interesting. They use ptrace to hook their own checking
> routines into certain system calls (open, connect, exec) and check the
> args to the call against a config file.
>
Sounds like SeOS (commercial) from MEMCO.

> It only runs on Solaris right now, but it's an interesting
> approach that adds a layer of security. I played with using it under
> named, but decided to go with chroot for portability to my other
> machines.
>
> http://www.cs.berkeley.edu/~daw/janus/
>
> Adam
>
> Thomas H. Ptacek wrote:
> |>Another alternative that has the advantage of already existing and being
> |>relatively easy to use is the chroot() system call. For example, named would
> |>be a much less attractive target if it chroot()ed to /etc/namedb (or whatever)
> |>as soon as it knew where its startup directory was. Then all named could do is
> |>mangle your name service files.
> |
> | On almost all Unix operating systems, having superuser access in a
> | chroot() jail is still dangerous. In some recent revisions of 4.4BSD
> | operating systems, root can trivially escape chroot(), as well.
>
> --
> "It is seldom that liberty of any kind is lost all at once."
> -Hume

--
                Eilon Gishri, Tel-Aviv University Computation Center
                Home 03-5078671 /* on a matter of national security */
                E-mail: eilon@aristo.tau.ac.il
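
The argument-checking approach described in the quoted text above (checking the arguments of open, connect and exec against a config file), as an added example that is not part of the original message and is not Janus code. The policy format, the sample rules and the function names are assumptions made for illustration; only the decision step is shown, not the ptrace hooking.

```python
import fnmatch
import posixpath

# Constructed policy in a hypothetical format (not Janus's real syntax):
#   <allow|deny> <syscall> <glob matched against the call's argument>
POLICY_TEXT = """
# name server sandbox
allow open    /etc/namedb/*
deny  open    /etc/namedb/*.key
allow connect 192.0.2.53:53
allow exec    /usr/sbin/named-xfer
"""

def parse_policy(text):
    """Return a list of (action, syscall, pattern) rules, in file order."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) != 3 or parts[0] not in ("allow", "deny"):
            raise ValueError(f"line {lineno}: bad rule {raw!r}")
        rules.append(tuple(parts))
    return rules

def normalize(syscall, arg):
    """Canonicalize path arguments so '..' cannot sidestep a prefix rule.
    This is lexical only: symlinks are not resolved here."""
    if syscall in ("open", "exec"):
        if not arg.startswith("/"):
            return None  # relative paths are refused: cwd is not tracked here
        return posixpath.normpath(arg)
    return arg

def check(rules, syscall, arg):
    """Default deny; among matching rules the last one in the file wins."""
    arg = normalize(syscall, arg)
    verdict = False
    if arg is None:
        return verdict
    for action, name, pattern in rules:
        if name == syscall and fnmatch.fnmatchcase(arg, pattern):
            verdict = (action == "allow")
    return verdict

RULES = parse_policy(POLICY_TEXT)
```
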