Re: BIND bugs of the month (fwd)

From: Alan Cox (alanat_private)
Date: Sun Nov 14 1999 - 16:58:15 PST

Next message: Brian Fundakowski Feldman: "Re: ssh-1.2.27 remote buffer overflow - exploitable (VD#7)"

Previous message: Steven M. Bellovin: "Re: BIND bugs of the month (spoofing secure Web sites?)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> when i saw the linux chroot("../../../../../../../..") hole i about fell
> out of my chair.  truly no place is safe any more.

Not a bug. chroot() requires root. root can use ioperm and other stuff.
If you put a setuid app or a root app in a chroot jail you are a fool.
Its not an OS specific bug either, its part of the way chroot()
works.

Named run sanely (as non-root and re-execed on an interface change) in
a chroot jail is pretty safe from exposing the machine, but as Dan
rightly points out not from subverting your DNS.

If you think bind is unauditable then help work on DENTS
(www.dents.org)

Next message: Brian Fundakowski Feldman: "Re: ssh-1.2.27 remote buffer overflow - exploitable (VD#7)"
Previous message: Steven M. Bellovin: "Re: BIND bugs of the month (spoofing secure Web sites?)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:12:28 PDT