Firewall Wizards mailing list archives

Re: chroot useful?


From: chuck yerkes <Chuck () yerkes com>
Date: Thu, 20 Nov 1997 22:11:52 -0500 (EST)

It is claimed, but unverified, that Anton J Aylward wrote:
At 05:27 PM 17/11/97 -0600, Paul McNabb wrote:
## Reply Start ##

IMHO, stripping down a system by removing unnecessary utilities, services,
and processes reduces the chances of leaving a hole open and is absolutely
essential for making a firewall "secure", but it does little towards making
the remaining services more secure.

Practically, running named, and web servers, and such in a
READONLY chroot environment has gotta leave you open to
fewer issues than NOT running it like that.  Most crackers run
toolkits with little clue as to what's going on and these things
will help slow them down.  

What about stripping down the kernel and removing things of
dubious nature?

But many useful things are dubious.  It's just that in a highly
secure context that they become dubious.

Let me throw some gas on the fire and say this:
  Basically, using a general purpose OS is not a good idea for a
firewall.

  Using the PROTOCOLS of a GP/OS IS a good idea.  By this I mean
that configuring via a file or a secure web server (or whatever)
and logging via syslog is good.

I'd say that taking Unix, rather than removing what's bad to
make it secure, start empty and add only what you need.

Generally this means multi-tasking, a TCP/IP stack, filters, a
variety of daemons that can proxy and stuff to do logging and
alerting.  Sounds easy enough, but when you add shells and
interactive users, you have to add a lot of /usr/bin/.

I know *I* can get Unix down to about 40 meg and still log
in - A normal binary OS distribution and pre-source revision.
It's just not that easy to do maintenance of the machine.

I've worked with a bunch of firewall products and have yet to be
impressed with most of them.  The best I can usually say is that
some are ok for a software product that's generically useable.

chuck


