Ridding myself of root passwords?
ddavidegli at gmail.com
Sat Feb 8 01:43:58 MST 2014
> You *still* have doubts about that after you got hacked via a
> privilege escalation exploit!? Come On.
[ Much chatter about pros/cons of selinux deleted ]
It seems like such a simple idea to me, but couldn't you run your daemon in
a chroot jail? Since it was a bitcoind process, perhaps you could have
started it in /var/bitcoin and chroot to that directory. Since there
absolutely no way to disable UID 0 (you can disable "root" but UID 0 is
there for good) this seems to me to be an acceptable compromise until you
can figure out exactly how to make bitcoind and selinux play nice.
Now maybe there's a reason why you can't use chroot. If so, then fine. But
that's what I'd have done myself.
On Fri, Feb 7, 2014 at 12:08 PM, Andy Bradford <amb-plugg at bradfords.org>wrote:
> Thus said Michael Torrie on Thu, 06 Feb 2014 23:34:08 -0700:
> > It's my understanding that once you have root in a chroot you can
> > escape the chroot quite easily. Am I wrong about this?
> You're right. Don't put SUID binaries in the chroot.
> TAI64 timestamp: 4000000052f47f78
> PLUG: http://plug.org, #utah on irc.freenode.net
> Unsubscribe: http://plug.org/mailman/options/plug
> Don't fear the penguin.
More information about the PLUG