Preemptive strategies

Robert Connolly robert at linuxfromscratch.org
Wed Oct 29 16:48:00 PDT 2008


The runas program I mentioned is part of Titan Security Toolkit:
http://www.trouble.org/titan/

It unfortunately has a special copyright: organizations with more than 300 
employees need written permission to use it, and they don't want people 
adding patches which change or add behavior, only bug fixes.

Anyway, it's exactly the same as 'env -i su - user -c', except that it also 
has a chroot option, and does not require the user to have a valid shell.

The package also includes a program named noshell, which is 
like /sbin/nologin, except that it logs login attempts to syslog.

Chrootuid is similar:
ftp://ftp.porcupine.org/pub/security/index.html

But has a freer copyright.

The problem I have with these, and all other chroot tools, is that they run 
the target program inside the chroot, not outside, so it doesn't work with an 
empty chroot. named, ntpd, etc, start as root, chroot to an empty directory, 
then drop root.

I can't think of a way to chroot to an empty directory, unless the chroot(2) 
call is done within the program. The chroot(2) system call doesn't allow for 
a pid to be chrooted after it is loaded.

I think what I'm looking for is a new chroot system call, like chroot_pid:
int chroot_pid(const char *path, int pid);

In the kernel, it looks like chroot(2) is sys_chroot(), in fs/open.c. I looked 
at it, and I have no idea how to add pid support to it.

Can any of you make something usable enough to submit to kernel.org? Or do 
you think this is not a wise idea?

robert