comparison over systems

Postby blackmage » Mon Apr 07, 2003 4:59 pm

A few small comments about the compare page.

The main ones are about chroot: in terms of security, chroot seems useless to me if you use it as root (speaking of the user in the chroot)
the regression test or only chroot and make their test code. For example, on OpenBSD, all chroots (default httpd, named) are used as a common user (setuid/setgid), so most of the tests will be successful, I think, if the uid is changed (test both?).

About dmesg, I believe it to be mainly a permission problem (BSD: /dev/kmem, /var/log/dmesg.boot, dmesg bin).

Otherwise, no more comments. Yours?
blackmage
 
Posts: 5
Joined: Mon Sep 30, 2002 5:29 am

Postby spender » Mon Apr 07, 2003 5:54 pm

Three of the regression tests on there can be launched as non-root to break the chroot, and they will happily run on the other OSes.

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm

Postby spender » Mon Apr 07, 2003 6:38 pm

To clarify, three of the tests can be used regardless of the quality of the code within the chroot. At least 2 other attacks can be launched if the chrooted application isn't written correctly.

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm

Postby blackmage » Tue Apr 08, 2003 3:46 am

I've tested the chroot_chroot test on OpenBSD by adding a ret = setuid(-1); before the test and it passed.

To which test do you refer?
If I remember well, chroot and mknod need root access. For the others, I'm not sure.

In any case, any poorly written app is insecure; we try speaking of the good ones (I hope :D )
blackmage
 
Posts: 5
Joined: Mon Sep 30, 2002 5:29 am

Postby spender » Tue Apr 08, 2003 8:55 am

Of course it passed when you did the setuid. Only root is allowed to chroot. I've explained above which tests can be launched as non-root. I've worked on this stuff for over 2 years now, so I know what I'm doing. In fact, I've written a paper on breaking chroot, however I cannot publish it myself (it is intended for a magazine).

BTW: do you see any irony in your last statement? If all your apps are secure, there is no need for chroot, now is there? ;)

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm

Postby blackmage » Tue Apr 08, 2003 10:48 am

Sorry, maybe I need to clean my glasses or I'm too tired, but I don't see you mention which three tests can be used as non-root. (I know that mknod/chroot are root restricted.)
I'm not saying grsecurity is bad; I use it myself and find it great, but I'm discussing some comparison points.

In which magazine do you plan to publish? Available on the net?

It depends: my last sentence was about good apps (a "real" secure app is something rare today) like apache/bind9/etc (not secure, but not insecure either).
blackmage
 
Posts: 5
Joined: Mon Sep 30, 2002 5:29 am

Postby spender » Tue Apr 08, 2003 10:51 am

ptrace, semaphores, shared memory, message queues, abstract unix domain sockets can all be used as non-root. Fchdir can be used as non-root if the application is written incorrectly.

The article is for a French Linux magazine.

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm
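
Added example, not part of the thread and not grsecurity code: the fchdir case mentioned in the post above arises when a directory descriptor opened before chroot() is still open afterwards, so a daemon can audit and close such descriptors before it enters the jail and drops root. The names dir_fds, enter_jail and FD_SCAN_CAP are hypothetical, and the scan ceiling is an assumption of this sketch.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE            /* exposes chroot() and setgroups() on glibc */
#endif
#include <fcntl.h>
#include <grp.h>
#include <sys/resource.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

#define FD_SCAN_CAP 65536          /* assumed ceiling for this example's scan */

/* Count open descriptors that refer to directories; close them if do_close. */
int dir_fds(int do_close)
{
    struct rlimit rl;
    struct stat st;
    int n = 0, max = FD_SCAN_CAP;

    if (getrlimit(RLIMIT_NOFILE, &rl) == 0 && rl.rlim_cur < FD_SCAN_CAP)
        max = (int)rl.rlim_cur;
    for (int fd = 0; fd < max; fd++) {
        if (fstat(fd, &st) != 0 || !S_ISDIR(st.st_mode))
            continue;                      /* closed, or not a directory */
        n++;
        if (do_close)
            close(fd);
    }
    return n;
}

/* Hypothetical jail entry for a daemon started as root; returns 0 on success. */
int enter_jail(const char *root, uid_t uid, gid_t gid)
{
    dir_fds(1);                            /* leave nothing for fchdir() to use */
    if (chroot(root) != 0 || chdir("/") != 0)
        return -1;                         /* cwd must sit inside the new root */
    if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -1;                         /* groups first, then gid, then uid */
    if (setuid(0) == 0)
        return -1;                         /* root regained (or uid was 0): refuse */
    return dir_fds(0) == 0 ? 0 : -1;       /* re-audit from inside the jail */
}
```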

Postby spender » Tue Apr 08, 2003 10:59 am

In addition, if the attacker has an account on the system by other methods, chmod +s is an easy way to get access to the chrooted UID/GID outside of the chroot.

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm

Postby blackmage » Fri Apr 11, 2003 3:02 am

OK, thanks a lot, I will take a look.

Also, one thing I forgot is the FreeBSD jail (which, as an improved chroot, could be more successful in the tests).
blackmage
 
Posts: 5
Joined: Mon Sep 30, 2002 5:29 am

