On Fri, 17 Jul 1998, Carlos Barros wrote:
> On Fri, 17 Jul 1998, Cougar wrote:
>
> > > try changing only the line that start the bind daemon eg:
> > >
> > > chroot /chroot-dns/ /bin/named
> >
> > What this chroot gives You? Actually this is protection against simple
> > exec("/bin/s
On Fri, 17 Jul 1998, Cougar wrote:
> > try changing only the line that start the bind daemon eg:
> >
> > chroot /chroot-dns/ /bin/named
>
> What this chroot gives You? Actually this is protection against simple
> exec("/bin/sh") but every cracker may put chroot("/") before this and a
>On Tue, 14 Jul 1998, Carlos Barros wrote:
>
>> On Tue, 14 Jul 1998, cfb wrote:
>>
>> > The main problem seems to be with the way that debian starts bind using
>> > the script /etc/init.d/bind. I thought it would be really neat to just
>> > change the #!/bin/sh at the top of the script to so
On Fri, 17 Jul 1998, Cougar wrote:
> [mod: It is slightly less trivial than 'chroot("/")', but if you can
> execute arbitrary code as root, you can break out of the chrooted
> environment. --REW]
>
> My idea is to run named non-root UID/GID. As named needs to bind port 53
> which is below 1024 th
On Fri, Jul 17, 1998 at 11:30:32AM +0300, Cougar wrote:
> What this chroot gives You? Actually this is protection against simple
> exec("/bin/sh") but every cracker may put chroot("/") before this and all
> the protection is destroyed.
>
> [mod: It is slightly less trivial than 'chroot("/")', but
-BEGIN PGP SIGNED MESSAGE-
Cougar wrote:
>
> On Tue, 14 Jul 1998, Carlos Barros wrote:
>
> > On Tue, 14 Jul 1998, cfb wrote:
> >
> > > The main problem seems to be with the way that debian starts bind using
> > > the script /etc/init.d/bind. I thought it would be really neat to just
>
Carlos Barros wrote:
> On Tue, 14 Jul 1998, cfb wrote:
>
> > The main problem seems to be with the way that debian starts bind using
> > the script /etc/init.d/bind. I thought it would be really neat to just
> > change the #!/bin/sh at the top of the script to something like :
> >#!/u
On Tue, 14 Jul 1998, Carlos Barros wrote:
> On Tue, 14 Jul 1998, cfb wrote:
>
> > The main problem seems to be with the way that debian starts bind using
> > the script /etc/init.d/bind. I thought it would be really neat to just
> > change the #!/bin/sh at the top of the script to somethin
On Tue, 14 Jul 1998, cfb wrote:
> The main problem seems to be with the way that debian starts bind using
> the script /etc/init.d/bind. I thought it would be really neat to just
> change the #!/bin/sh at the top of the script to something like :
>#!/usr/sbin/chroot /chroot-dns/ /bin/
I'm replying to debian-user since this is the only relevant list from
those you sent this message to. Please try to avoid sending to more
than one list. I'm NOT on the debian-user list. I got your message
through debian-isp.
On Tue, July 14 1998, cfb <[EMAIL PROTECTED]> wrote:
|The main problem
Greetings
I just spent a very frustrating evening attempting to chroot bind and
run it as a non-root user. The instructions that I was following were
written for redhat. I use debian. The main difference in the
instructions between the two distributions involved the use of /etc/rc.d
by redh
11 matches