Re: [dev] [quark] Performance issues

From: Laslo Hunhold <dev_AT_frign.de>
Date: Wed, 25 Sep 2019 16:32:45 +0200

On Wed, 25 Sep 2019 16:06:52 +0200
Markus Wichmann <nullplan_AT_gmx.net> wrote:

Dear Markus,

> chroot() has several detrimental effects, most importantly making it
> impossible to access /dev/null and /dev/urandom. Unless, of course,
> measures are taken to replicate these devices underneath the new root.

please excuse the ignorant question, but why would you want to access
/dev/null? The problem with /dev/urandom is well-known, which is why
OpenBSD has arc4random(3).

> It is also not a security device. If a service in a chroot is
> exploited with root privileges, it can mount procfs wherever, and
> access /proc/1/root. It can also mount another instance of the rootfs
> wherever and escape the jail that way.

You are absolutely right. chroot() on its own is not a security device,
but it is when you drop your privileges after chrooting. Then it is not
possible to mount procfs or whatnot.

After all, one measure alone is never enough, which is why I also use
unveil(2) (at least on OpenBSD) to make any other accesses to the file
system impossible.

With best regards

Laslo
Received on Wed Sep 25 2019 - 16:32:45 CEST
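
The ordering discussed in the message above (chroot() first, then drop privileges so the confined process can no longer mount anything), as an added C example that is not part of the original e-mail and not quark's own code. The helper name jail_and_drop and the uid/gid 65534 are assumptions made for illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1 /* glibc: declare chroot() and setgroups() */
#endif
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: confine the process to dir, then give up root for
 * good. Returns 0 on success, -1 on failure; on failure the caller must
 * exit, because the process may be left half-confined. */
int
jail_and_drop(const char *dir, uid_t uid, gid_t gid)
{
	/* "dropping" to uid or gid 0 would keep the ability to mount */
	if (uid == 0 || gid == 0) {
		errno = EINVAL;
		return -1;
	}
	/* chroot() needs root, so it has to happen before the drop */
	if (chroot(dir) < 0)
		return -1;
	/* a working directory left outside the new root stays reachable */
	if (chdir("/") < 0)
		return -1;
	/* groups first, uid last: without root, groups cannot be changed */
	if (setgroups(1, &gid) < 0 || setgid(gid) < 0 || setuid(uid) < 0)
		return -1;
	/* the drop must be irreversible: regaining root has to fail */
	if (setuid(0) == 0 || geteuid() == 0 || getegid() == 0) {
		errno = EPERM;
		return -1;
	}
	return 0;
}

int
main(int argc, char *argv[])
{
	if (argc != 2) {
		fprintf(stderr, "usage: %s dir\n", argv[0]);
		return 2;
	}
	/* 65534 is a constructed sample id; use a dedicated account */
	if (jail_and_drop(argv[1], 65534, 65534) < 0) {
		perror("jail_and_drop");
		return 1;
	}
	printf("confined, uid=%d gid=%d\n", (int)getuid(), (int)getgid());
	return 0;
}
```
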