chroot versus jail for the name daemon
Robert Downes
nullentropy at lineone.net
Sat Jun 12 04:59:38 PDT 2004
Newbie Fodder (skip down the page if old and wise):
The FreeBSD Handbook describes running BIND (named) in a sandbox, i.e.
using chroot to force the named to think that its place in the
filesystem is actually the filesystem root when it's not, so it sees
/somewhere/deep/inthe/file/jungle as /. So if hackers break named they
theoretically cannot attack the real root of the filesystem, only what
is within the chroot path.
Then the Handbook rather offhandedly mentions that some people would
recommend putting named into a jail instead. So I've been looking into
the jail system in FreeBSD, and comments suggest that it offers better
security. On the surface, jail seems to do the same thing: deceive a
process into believing that its place in the filesystem is root, and
stopping access to directories outside that path.
Questions (for the old and wise):
So, are there any FreeBSD-internals masters who can answer the following:
1) What happens if named is broken with neither chroot nor jail,
assuming named is running as user and group bind (rather than as root)?
2) What happens if named is broken while using chroot?
3) What happens if named is broken while in a jail, and how is this
less dangerous than using chroot?
Also, can FreeBSD run as a gateway with NAT while using a jail? A jail
needs its own IP address, and that seems to intefere with the way other
services need to be configured.
--
Bob
London, UK
More information about the freebsd-questions
mailing list