[12591] in bugtraq

Re: BIND bugs of the month (fwd)

daemon@ATHENA.MIT.EDU (Alan Cox)
Mon Nov 15 01:58:29 1999

Content-Type: text
Message-Id:  <E11nATL-0000bA-00@the-village.bc.nu>
Date:         Mon, 15 Nov 1999 00:58:15 +0000
Reply-To: Alan Cox <alan@LXORGUK.UKUU.ORG.UK>
From: Alan Cox <alan@LXORGUK.UKUU.ORG.UK>
X-To:         cyarnell@WWIV.COM
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <Pine.BSF.4.20.9911132114570.28152-100000@fear.net.kooks.net>
              from "Chris Yarnell" at Nov 13, 99 09:15:32 pm

> when i saw the linux chroot("../../../../../../../..") hole i about fell
> out of my chair.  truly no place is safe any more.

Not a bug. chroot() requires root. root can use ioperm and other stuff.
If you put a setuid app or a root app in a chroot jail you are a fool.
It's not an OS specific bug either, it's part of the way chroot()
works.

Named run sanely (as non-root and re-execed on an interface change) in
a chroot jail is pretty safe from exposing the machine, but as Dan
rightly points out not from subverting your DNS.

If you think bind is unauditable then help work on DENTS
(www.dents.org)
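
Added example, not part of the message above and not BIND's own code: one way a daemon started as root can enter a chroot jail and then give up root permanently, which is the condition the message places on a jail being worth anything. The helper name `enter_jail`, its status codes and the path in `main` are assumptions made for illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE          /* exposes chroot() and setgroups() on glibc */
#endif
#include <grp.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper and status codes, named here for illustration. */
enum jail_status {
    JAIL_OK = 0, JAIL_ERR_ARGS, JAIL_ERR_ROOT_TARGET, JAIL_ERR_CHDIR,
    JAIL_ERR_CHROOT, JAIL_ERR_GROUPS, JAIL_ERR_GID, JAIL_ERR_UID,
    JAIL_ERR_STILL_ROOT
};

/* Enter the jail at dir, then permanently become uid/gid.
 * Must be called as root, before any untrusted input is parsed. */
enum jail_status enter_jail(const char *dir, uid_t uid, gid_t gid)
{
    if (dir == NULL || dir[0] != '/')
        return JAIL_ERR_ARGS;
    /* A jail that keeps uid 0 or gid 0 is the case the message warns about. */
    if (uid == 0 || gid == 0)
        return JAIL_ERR_ROOT_TARGET;

    /* chdir first so the working directory is inside the new root. */
    if (chdir(dir) != 0)
        return JAIL_ERR_CHDIR;
    if (chroot(".") != 0)
        return JAIL_ERR_CHROOT;
    if (chdir("/") != 0)
        return JAIL_ERR_CHDIR;

    /* Drop supplementary groups, then gid, then uid: after setuid() the
     * process no longer has the privilege to change the other two. */
    if (setgroups(0, NULL) != 0)
        return JAIL_ERR_GROUPS;
    if (setgid(gid) != 0)
        return JAIL_ERR_GID;
    if (setuid(uid) != 0)
        return JAIL_ERR_UID;

    /* Verify the drop is irreversible: regaining uid 0 must fail. */
    if (setuid(0) == 0 || getuid() == 0 || geteuid() == 0)
        return JAIL_ERR_STILL_ROOT;
    return JAIL_OK;
}

/* Constructed call: a uid-0 target is refused before any state changes. */
int main(void) { return enter_jail("/", 0, 0) == JAIL_ERR_ROOT_TARGET ? 0 : 1; }
```

Any return value other than `JAIL_OK` should be treated as fatal by the caller, since the process may be left partly privileged.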
