/proc mounted in chroot breaks su
Steve Brueckner
steve at atc-nycorp.com
Fri Jan 28 17:49:58 UTC 2005
Thanks, that was exactly the problem. I mounted /selinux and everybody
seems to be playing nicely now. I really appreciate you picking my post out
of the flood and helping me.
At this point my work with SELinux and chroot is part proof-of-concept, part
learning by tinkering. Once I've learned the capabilities and limitations
of each, I'll develop an actual plan to secure things for real. I just
found Russell Coker's paper on combining the two, so absorbing that is my
next step.
- Stephen Brueckner, ATC-NY
-----Original Message-----
From: Stephen Smalley [mailto:sds at epoch.ncsc.mil]
Sent: Friday, January 28, 2005 7:16 AM
To: For users of Fedora Core releases
Cc: Daniel J Walsh
Subject: Re: /proc mounted in chroot breaks su
On Thu, 2005-01-27 at 17:13, Steve Brueckner wrote:
> Hello, I've got what I think might be a real zinger for y'all:
>
> I've got a chrooted environment that's pretty much a duplicate of my
primary
> file system (I copied almost everything into it). I've also got /proc
> mounted in the chroot environment. Yes, I realize what a security risk
that
> is, but I need the Java to work in the chrooted environment, and that
> requires access to /proc for heap and thread information. I'm using FC3
> with SELinux enabled but in permissive mode (targeted policy). Since it's
> in permissive mode, I don't think the SELinux is coming into play here.
>
> My problem is that I can't drop privilege once I'm in the chrooted
> environment unless I umount /proc from the chrooted environment. For
> example:
>
> # /usr/sbin/chroot /chrootdir
> # su steve
> Password: (I enter it correctly)
> could not open session
> #
>
> But if I umount /chrootdir/proc I get this:
>
> # /usr/sbin/chroot /chrootdir
> # su steve
> $
>
> Note that in the first case, su prompts for my password and in the second
> case it doesn't.
>
> Outside of the chrooted environment, su behaves (correctly) just like su
> inside the chrooted environment with /chrootdir/proc unmounted. This is
an
> apparent paradox: outside the chrooted environment su has access to /proc
> and behaves correctly, but inside the chrooted environment su behaves
> incorrectly when it has access to /proc, and only works when its access to
> /proc is removed!
>
> Any thoughts, ideas, or solutions are welcome. Thanks.
This could actually be an SELinux issue. If /proc is mounted, then
libselinux can tell that SELinux is enabled in the kernel (via a check
for selinuxfs in /proc/filesystems), so pam_selinux will run upon an
attempted su. But pam_selinux needs to interrogate /selinux (selinuxfs)
to get the set of reachable security contexts for the new user. Hence,
mounting /proc without mounting /selinux in your chroot could yield the
behavior you describe. Now, you could certainly modify your
/etc/pam.d/su in your chroot to remove pam_selinux from it so that it
doesn't attempt to run pam_selinux at all. Of course, having su in your
chroot is begging for trouble in the first place...
--
Stephen Smalley <sds at epoch.ncsc.mil>
National Security Agency
--
fedora-list mailing list
fedora-list at redhat.com
To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
More information about the users
mailing list