> In summary, the strongest feature touted by sctc is that chroot() is vulerable
> to buffer overflows. In my eyes, this means that if a proxy were to get
> subverted, it would not take much to subvert the chroot() setuid() calls and
> gain full access over the firewall. I would like to hear if anyone has
> comments on this issue..??
To clarify, the chroot() call itself is not vulerable to buffer
overflows, but a process may "escape" from the chrooted environment.
Overrunning a fixed size buffer is a classic bug in servers which
attackers use to cause the server process to execute the attackers
instructions. Once the attacker is able to get his/her code called,
they may be able to get through the firewall. They can make system
calls, including networking calls to the internal network or calling
mknod() to create a new device to access the entire file system.
If you are running on a stock operating system, using chroot() and
setuid() calls appropriately will make your system more secure, but
they are not going to be as bullet-proof as mandatory access controls
enforced by the operating system -- in Sidewinder these controls are
provided by type enforcement and network seperation.
Ted Stockwell, stockwel @