tcpdump mailing list archives
Re: chroot and setuid [Re: OpenBSD work on Tcpdump privilege separation]
From: Jefferson Ogata <Jefferson.Ogata () noaa gov>
Date: Wed, 25 Feb 2004 04:06:58 -0500
Pekka Savola wrote:
This is my view on how chroot should be done (note: I haven't bothered to add a cmd-line argument, if you think that should be added, it's trivial), and the trivial setuid patch as well.
I don't think it's necessary, but it might be handy. See below.
This doesn't try to automatically create directories or whatever, but relies on the compile time option (e.g. /var/empty) but is IMHO better in some sense.
- if (initgroups(pw->pw_name, 0) != 0 || setgid(pw->pw_gid) != 0 || + if (chroot_dir) { + if (chroot(chroot_dir) != 0 || chdir (".") != 0) {
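Review bot: chdir (".") in the added test chroot(chroot_dir) != 0 || chdir (".") != 0 does not move the working directory into the new root, so wherever chroot() performs no implicit chdir() the process keeps a cwd outside the jail and relative paths still resolve there. Suggest chdir("/") after the chroot(), or chdir(chroot_dir) != 0 || chroot(".") != 0. If the removed initgroups()/setgid() test is re-added after this block, initgroups() would be reading the group database from inside chroot_dir (e.g. /var/empty), so it should run before the chroot(). Style: drop the space in chdir (".") to match chroot(chroot_dir).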
No, you have to chdir to "/". Or better, do (chdir(chroot_dir) != 0 || chroot(".") != 0). On some platforms, chroot() doesn't do an implicit chdir(), so the way you've done things you won't end up chrooted -- your cwd will still be where you started.
That's why Andrew went to the trouble of looking at Wietse Venema's chrootuid code as a point of reference for this, so we don't get into trouble.
There's one issue that occurred to me with chroot: on some platforms/configurations there may be a need for access to certain files outside the jail. If any get*byname() calls are being used, there may be a need for access to /etc/resolv.conf, /etc/protocols, etc. On IRIX, it's worse since all the get*by*() calls end up relying on access to /ns. So if -n isn't in force, chrooting might break some lookups. So that also argues for a commandline argument at least to switch it off.
--
Jefferson Ogata <Jefferson.Ogata () noaa gov>
NOAA Computer Incident Response Team (N-CIRT) <ncirt () noaa gov>
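The ordering discussed in this message (chdir() into the directory, then chroot(".")), followed by the group and uid drop the patch deals with, as an added example that is not code from the thread or from tcpdump. The names enter_jail and cwd_is_root, the inode comparison and the post-drop check are assumptions made for illustration.

```c
#define _DEFAULT_SOURCE          /* chroot(), initgroups() on glibc */
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* 1 if the working directory is the process root, 0 if not, -1 on error. */
int cwd_is_root(void)
{
    struct stat cwd, root;

    if (stat(".", &cwd) != 0 || stat("/", &root) != 0)
        return -1;
    return cwd.st_dev == root.st_dev && cwd.st_ino == root.st_ino;
}

/* Hypothetical helper: confine to jail_dir, then become `user`. 0 on success. */
int enter_jail(const char *jail_dir, const char *user)
{
    /* Look up the account and load its groups while /etc is still reachable;
     * an empty jail such as /var/empty has no passwd or group file. */
    struct passwd *pw = getpwnam(user);

    if (pw == NULL || pw->pw_uid == 0 ||
        initgroups(pw->pw_name, pw->pw_gid) != 0)
        return -1;
    /* chdir() first, then chroot("."): the cwd is inside the jail even where
     * chroot() does not change directory implicitly. Verify it anyway. */
    if (chdir(jail_dir) != 0 || chroot(".") != 0 || cwd_is_root() != 1)
        return -1;
    /* Group before user: setgid() needs the privilege that setuid() gives up. */
    if (setgid(pw->pw_gid) != 0 || setuid(pw->pw_uid) != 0)
        return -1;
    /* The drop must be irreversible: regaining uid 0 has to fail. */
    if (setuid(0) == 0 || geteuid() != pw->pw_uid)
        return -1;
    return 0;
}

int main(int argc, char **argv)
{
    if (argc != 3 || enter_jail(argv[1], argv[2]) != 0) {
        fprintf(stderr, "usage: jail jail_dir user (must start as root)\n");
        return 1;
    }
    printf("jailed: cwd_is_root=%d uid=%d\n", cwd_is_root(), (int)getuid());
    return 0;
}
```

Anything that needs files outside the jail, such as the get*byname() lookups mentioned above, has to be done before enter_jail() is called.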