chrooted and non-chrooted program interaction, take 2

Discussion in 'all things UNIX' started by Gullible Jones, Nov 16, 2013.

Thread Status:
Not open for further replies.
  1. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,466
    Remember this thread?

    https://www.wilderssecurity.com/showthread.php?t=332639

    Now I have some answers. Yes, you can send signals outside the chroot; and no, you cannot otherwise interact with non-chrooted processes... Not any more, at any rate.

    On Linux, debugging (and potentially code injection) are accomplished using the ptrace() system call. It used to be possible for a program stuck in a chroot to run ptrace() on a program outside, possibly compromising that program as well.

    However, recent kernels include a driver called Yama that implements a form of ptrace() restriction - process can only call ptrace() on their children (which must perforce also be chrooted). It seems quite effective at stopping this kind of monkey business... And Ubuntu enables it by default. :)

    But even before Yama, process hijacking via ptrace() was not used all that often AFAICT. It looks like it's a lot harder to implement than on Windows. Properly configured (vanilla) Linux systems are apparently a good deal more secure than one might think, given the lack of mandatory access control.
     
    Gullible Jones, Nov 16, 2013
    #1
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...