Re: Proxy firewall design.

[Bernhard Schneck <Bernhard_Schneck () genua de>]

In message <199803101214.XAA14551 () soy cyber com au> you write:
> A common theme amongst proxy firewalls running on Unix is to limit the
> exposure through use of chroot. How many of these segregate it further
> such that (say) the smtp proxy uses /fw/smtp, ftp uses /fw/ftp, etc ?
> I'm aware of chrooting used for WWW & mail, but I can't see why you
> wouldn't use it for all of them.  For example, FWTK 2.0 doesn't support
> chroot for plug-gw or x-gw but it does for all the others.  Of course,
> you might even chroot to /fw first, before running any of your proxies...

In our firewall, we
* chroot for each possibly hostile interface (/cage/ef0, /cage/ef1, ...)
* chroot even further for ``dangerous'' services (mail, ssh, www, ...)

tcp-relay (similar to plug-gw) doesn't do any file I/O (and we hope
it doesn't have any buffer overflows), so chrooting further won't help
that much.

I hope the ``chroot escape hole'' is fixed (as discussed here a few
weeks ago).

Of course, chrooting only restricts file access and nothing else, so
several additional topics need to be adressed, too.

\Bernhard.