[Jailkit-users] Bunch of chroot security related questions
From: James Hall
Subject: [Jailkit-users] Bunch of chroot security related questions
Date: Mon, 8 Mar 2010 11:54:52 +0000
Hi, I'm interested in the security of a chroot. I was surprised to find little documentation on it considering that's the primary objective of the damn thing.
Is it safe to mount /proc and /dev for screen and such things? What's the best way to mount it? mount proc /home/penis/proc -t proc? noexec,nosuid?
"If a jailed user or a jailed process can modify files in (for example) the JAIL/lib/ or JAIL/etc/ directory (i.e., those within the jail directory), the user can bypass security checks and gain root privileges." How is this? Does this assume there is a process running as root that uses these libs? So then an attacker could change them and execute arbitrary code in the root process?
Thanks in advance for clearing things up.
~superjames
PS: Hope I have done this right. Mailing lists are a first for me; I was hoping for an IRC.
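
The condition in the documentation sentence quoted above (files under JAIL/lib/ or JAIL/etc/ that a jailed account can modify) can be checked for with a short audit. This is an added example, not part of the original message and not Jailkit's own code; the function name `audit_jail`, the list of subdirectories, and the choice to treat group-writable files as findings are assumptions.

```shell
#!/bin/sh
# Added example: list jail files that an account other than the expected
# owner could modify. Names and the directory list are assumptions.

# audit_jail JAIL [OWNER_UID]
# Prints one line per finding; returns 0 if clean, 1 on findings, 2 on bad input.
audit_jail() {
    jail=$1
    owner=${2:-0}   # uid expected to own the jail's system files (0 = root)
    [ -d "$jail" ] || { echo "not a directory: $jail" >&2; return 2; }

    findings=$(
        # The jail root itself: if it is writable, lib/ or etc/ can be
        # renamed and replaced even when their contents are read-only.
        find "$jail" -prune \( ! -user "$owner" -o -perm -020 -o -perm -002 \) \
            -print | sed 's/^/ROOT  /'

        for sub in lib lib64 etc bin sbin usr; do
            [ -e "$jail/$sub" ] || continue
            # Files and directories not owned by the expected uid.
            find "$jail/$sub" ! -type l ! -user "$owner" -print |
                sed 's/^/OWNER /'
            # Group- or world-writable entries (symlink modes are ignored).
            find "$jail/$sub" ! -type l \( -perm -020 -o -perm -002 \) -print |
                sed 's/^/WRITE /'
        done
    )

    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Run directly as: sh audit_jail.sh /path/to/jail
if [ "$#" -gt 0 ]; then
    audit_jail "$@"
fi
```

A clean result only covers ownership and mode bits; ACLs and writable mount points inside the jail are outside what this checks.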