On Oct 9, 3:36pm, "Larmour, Jonathan" wrote:
} Subject: RE: How to launch squid
}
} I've been playing with a RunCache-replacement I wrote that puts squid in
} a chroot-jail in /usr/local/squid and starts squid itself as the
} unprivileged squid user rather than as root; various bits of operating
} system need to get copied to places like /usr/local/squid/etc and
} /usr/local/squid/lib and it gets a bit hairy and system-dependent. It's
} not allowed to modify its own binaries or config files in the bin and etc
} subdirectories. IMHO this is the way to go if you might be thinking
} about running squid as a firewall proxy.
This is an excellent idea.
} If you are interested, I have already done this for Linux 2.0.30.
I've done it on FreeBSD, though I don't have all the bells and
whistles of RunCache.
} Details available if anyone wants! Also be warned that chrooting in
} itself is not sufficient to guarantee security. e.g. if hacked, the
} hacker can call mknod() to provide access to any device on the system
} - most relevantly, hard disks. Similarly you can mount() /proc in a
} chrooted area, and have access to all memory as well!
Yes, though these operations can only be done by root.
} Also note that the chroot command as supplied does not change
} directory to one inside the chrooted area, so depending where you ran
} it, you can still access any file in that directory.
Hmn, the FreeBSD chroot command does change directory. The chroot()
syscall doesn't though. The problem is actually worse than what you
mention. If you can get your cwd outside your chroot directory, then
you have access to all the filesystems on the machine.
} The secure solution is to either ensure you always do a cd after the
} chroot, or it is probably safer to change the directory in the kernel
} after a chroot.
The FreeBSD chroot command does:
    if (chdir(argv[0]) || chroot("."))
        err(1, "%s", argv[0]);
} I patched my kernel to prevent mounting, unmounting, mknod's,
} accessing the cwd after a chroot, and changing IP firewall/forwarding
} rules from within a chrooted area.
I've done something similar to FreeBSD. BTW, accessing/manipulating
the cwd after a chroot is safe, as long as it's within the chroot tree.
You should seriously consider using chrootuid. I think it will simplify
your code quite a bit. You can get it from ftp://ftp.win.tue.nl/pub/security/
--- Truck
Received on Thu Oct 09 1997 - 16:11:19 MDT
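The chdir-then-chroot-then-drop-root sequence this thread argues for, written out as an added example; it is not code from the thread, from the RunCache replacement or from chrootuid. It assumes the jail directory is already populated, that uid and gid are passed numerically, and the final stat() comparison of "." against "/" is an added sanity check rather than something the thread describes.

```c
#define _DEFAULT_SOURCE 1   /* exposes chroot() and setgroups() on glibc */
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* 1 if a and b are the same inode, else 0 (also on error). After a correct
 * chroot, same_file(".", "/") is 1: the cwd is the jail root, not a directory left outside it. */
int same_file(const char *a, const char *b)
{
    struct stat sa, sb;
    if (stat(a, &sa) != 0 || stat(b, &sb) != 0) return 0;
    return sa.st_dev == sb.st_dev && sa.st_ino == sb.st_ino;
}

/* Refuse a jail root the jailed user could rewrite: must be a directory
 * owned by root and not group- or world-writable. Returns -1 with errno set. */
int check_jail_dir(const char *dir)
{
    struct stat st;
    if (stat(dir, &st) != 0) return -1;
    if (!S_ISDIR(st.st_mode) || st.st_uid != 0 || (st.st_mode & (S_IWGRP | S_IWOTH))) { errno = EACCES; return -1; }
    return 0;
}

/* chdir() first, chroot(".") second, then drop root, in that order. uid/gid 0 is
 * refused: root inside a jail can still mknod() or mount(), as the thread notes. */
int enter_jail(const char *dir, uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0) { errno = EINVAL; return -1; }
    if (check_jail_dir(dir) != 0) return -1;
    if (chdir(dir) != 0 || chroot(".") != 0) return -1;
    if (setgroups(1, &gid) != 0 || setgid(gid) != 0 || setuid(uid) != 0) return -1;
    if (!same_file(".", "/")) { errno = EXDEV; return -1; }   /* cwd must be the jail root */
    return 0;
}

int main(int argc, char **argv)
{
    if (argc < 5) { fprintf(stderr, "usage: %s jaildir uid gid prog [args]\n", argv[0]); return 2; }
    if (enter_jail(argv[1], (uid_t)atoi(argv[2]), (gid_t)atoi(argv[3])) != 0) { perror(argv[1]); return 1; }
    execv(argv[4], argv + 4);   /* argv[4] is a path as seen from inside the jail */
    perror(argv[4]);
    return 1;
}
```

Run as root, e.g. with the jail directory, the squid uid/gid and a program path inside the jail; any failure before exec() leaves the process with no privileges dropped only if chdir/chroot themselves failed, so treat a non-zero exit as fatal.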