[Jailkit-users] Bunch of chroot security related questions

[James Hall]

Hi,  I'm interested in the security of a chroot.  I was surprised to find little documentation on it considering that's the primary objective of the damn thing.

Anyway this is what I do at the moment.

chown -R root:root /home/jailroot
chmod -R 0755 /home/jailroot
chown -R jail:jail /home/jailroot/home/jail
chattr +a /home/jailroot/home/jail/.bash_history
chattr +i /home/jailroot/home/jail/.bashrc
chattr +i /home/jailroot/home/jail/.bash_profile
chattr +i /home/jailroot/home/jail/.bash_logout
chmod 0777 /home/jailroot/tmp
chmod +t /home/jailroot/tmp

Is this safe/correct?

Is it safe to mount /proc and /dev for screen and such things?  Whats the best way to mount it?  mount proc /home/penis/proc -t proc? noexec,nosuid ?

"If a jailed user or a jailed process can modify files in (for example) the JAIL/lib/ or JAIL/etc/ directory (i.e., those within the jail directory), the user can bypass security checks and gain root privileges.."   How is this?  Does this assume there is a process running as root that uses these libs?  So then attacker could change them and execute arbitrary code in the root process?

Thanks in advance for clearing things up.


~superjames


PS: Hope I have done this right.  Mailing lists are a first for me I was hoping for an IRC.