1 |
Hi, |
2 |
I'm no expert but since you ask for opinions, here are some of mine :) |
3 |
(Please, anyone, correct me, where I'm wrong.) |
4 |
|
5 |
|
6 |
> 2) suppose I chroot Apache: what chances it still has to harm something in the |
7 |
> outside OS? My knowledge about various system capabilities, network etc is |
8 |
> too little, so enlighten me... And how big is an Apache chroot? |
9 |
|
10 |
Starting with the last question - this, to my knowledge, seems to be |
11 |
irrelevant. Chrooting (at least the simple cases I know and use) does |
12 |
not require any additional or dedicated disk space. It is, in its |
13 |
basic nature, an operation of changing the environment so that it |
14 |
seems as if some chosen path (say /usr/chroot) was actually the root |
15 |
(/) path. And as such, it is visible to all the programs run in this |
16 |
env. |
17 |
I'm not sure I understand the first part of the question - do you |
18 |
mean, "what chances" of: |
19 |
1) the chroot itself harming your OS, |
20 |
2) you harming your OS by possible administrative mistakes - chroot confusions, |
21 |
or |
22 |
3) a potential attacker harming your OS after having compromised the Apache? |
23 |
|
24 |
All of these are _some_ threats. If I were to try and order them |
25 |
according to probabilities of mishaps, it'd be 2-1-3. That's assuming |
26 |
you know not-too-much of how the system is structured. But it all |
27 |
depends on really many, many, (...) things. For instance, if you just |
28 |
hang on to some tutorial, then any of the first two is the more |
29 |
possible, the more you decide to do your own way. But generally, I'd |
30 |
bet the first is far less probable than 2, while both are quite |
31 |
unlikely once you understand the idea of chroot and be careful to keep |
32 |
it in mind at all times. |
33 |
Still, I must say I know no details of "typical" Apache chroot |
34 |
scenarios. As far,as I can imagine, there shouldn't be a place for |
35 |
many tricky parts of it. But I'd be pleased to hear someone more |
36 |
experienced in these matters. |
37 |
The no. 3 is probably by far the least probable, as, firstly - the |
38 |
chance of a random, small, non-production http server on the web being |
39 |
attacked is very little. That is, the_http_server_itself. I believe it |
40 |
is a few times more likely for a _box_ being attacked in other ways, |
41 |
just because it showed itself to the web (running a http server), |
42 |
rather than the http server itself being targeted against. And |
43 |
secondly, once the Apache server is chrooted, the probability of the |
44 |
system being harmed in _direct_ consequence of the fact that http got |
45 |
compromised is greatly lessened thanks to chroot. Mind the "direct" |
46 |
though, as it refers to the previous comment. |
47 |
|
48 |
> |
49 |
> And by the way, how big are the risks for sshd and ntpd to open up a way into |
50 |
> the hardened gentoo system? Can that recent ntp glsa be ignored, if its |
51 |
> hardened with memory protections? |
52 |
|
53 |
At this point, again, I have to admit my ignorance, as I don't know in |
54 |
what ways sshd, ntpd or any-d at all is actually hardened in h-g. Yet |
55 |
I can just bet, that no matter how brilliant ideas of the h-g team are |
56 |
brought into effect, potential ssh access being the most looked for by |
57 |
the attackers, will be the one that, once gained, would pose the |
58 |
greatest threat to the system. (NOW I get to be yelled at ;D) |
59 |
I'm not saying it is easy to break into - certainly, in its |
60 |
architecture, it isn't! I just mean that, in its nature, it can expose |
61 |
the weakest points of your configuration and provide the most |
62 |
convenient way of accessing the box, once compromised. Just keep this |
63 |
in mind. |
64 |
|
65 |
Ok, as I probably have made a fool (and ignorant) of myself anyway by |
66 |
now, I'll add just one more stupid sentence: I haven't read the glsa |
67 |
you refer to, but I would bet there would be many easier ways for an |
68 |
attacker to get into a newly-and-n00bly setup server than compromising |
69 |
ntpd. |
70 |
|
71 |
Done. Now I get the laughs, please... |