chrooted and non-chrooted program interaction, take 2

Discussion in 'all things UNIX' started by Gullible Jones, Nov 16, 2013.

Thread Status:
Not open for further replies.
  1. Gullible Jones

    Remember this thread?

    https://www.wilderssecurity.com/showthread.php?t=332639

    Now I have some answers. Yes, you can send signals outside the chroot; and no, you cannot otherwise interact with non-chrooted processes... Not any more, at any rate.

    On Linux, debugging (and potentially code injection) are accomplished using the ptrace() system call. It used to be possible for a program stuck in a chroot to run ptrace() on a program outside, possibly compromising that program as well.

    However, recent kernels include a driver called Yama that implements a form of ptrace() restriction - processes can only call ptrace() on their children (which must perforce also be chrooted). It seems quite effective at stopping this kind of monkey business... And Ubuntu enables it by default. :)

    But even before Yama, process hijacking via ptrace() was not used all that often AFAICT. It looks like it's a lot harder to implement than on Windows. Properly configured (vanilla) Linux systems are apparently a good deal more secure than one might think, given the lack of mandatory access control.
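
An added example, not part of the original post: a shell check that reads the Yama setting discussed above (`kernel.yama.ptrace_scope`) at runtime and as persisted in sysctl configuration, and flags a host where the restriction is off or will not match after a reboot. The function names and the optional root-directory argument are assumptions made for this example, and only `/etc/sysctl.d/*.conf` and `/etc/sysctl.conf` are consulted, which is a simplification of the full sysctl search path.

```shell
#!/bin/sh
# Added example: audit Yama's ptrace_scope, runtime and persisted.
# An optional root directory lets the check run against a constructed tree.

yama_describe() {   # meaning of each kernel.yama.ptrace_scope value
  case "$1" in
    0) echo "classic: any process with the same UID may attach" ;;
    1) echo "restricted: descendants only, or a declared ptracer" ;;
    2) echo "admin-only: attaching requires CAP_SYS_PTRACE" ;;
    3) echo "no attach: ptrace attach disabled, cannot be changed once set" ;;
    *) echo "Yama not available or value not recognised" ;;
  esac
}

yama_runtime() {    # current value, or "absent" when the Yama sysctl is missing
  local f="${1:-}/proc/sys/kernel/yama/ptrace_scope"
  if [ -r "$f" ]; then tr -d '[:space:]' < "$f"; else echo absent; fi
}

yama_persisted() {  # last assignment wins: sysctl.d in lexical order, then sysctl.conf
  local root="${1:-}"
  cat "$root"/etc/sysctl.d/*.conf "$root/etc/sysctl.conf" 2>/dev/null |
    sed -n 's/^[[:space:]]*kernel\.yama\.ptrace_scope[[:space:]]*=[[:space:]]*\([0-9]\).*/\1/p' |
    tail -n 1
}

yama_audit() {      # returns 0 only if the restriction is on and config agrees
  local root="${1:-}" run cfg rc=0
  run=$(yama_runtime "$root")
  cfg=$(yama_persisted "$root")
  echo "runtime:   $run ($(yama_describe "$run"))"
  echo "persisted: ${cfg:-unset (kernel default applies)}"
  case "$run" in
    1|2|3) ;;
    *) echo "FINDING: ptrace between unrelated processes is not restricted"; rc=1 ;;
  esac
  if [ -n "$cfg" ] && [ "$run" != absent ] && [ "$cfg" != "$run" ]; then
    echo "FINDING: persisted value $cfg differs from runtime value $run"; rc=1
  fi
  return $rc
}
```

Call `yama_audit` with no argument to check the live host, or pass the mount point of an offline image.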
     