Ridding myself of root passwords?

Dan Egli ddavidegli at gmail.com
Sat Feb 8 01:43:58 MST 2014


> You *still* have doubts about that after you got hacked via a

> privilege escalation exploit!? Come On.



[ Much chatter about pros/cons of selinux deleted ]



It seems like such a simple idea to me, but couldn't you run your daemon in
a chroot jail? Since it was a bitcoind process, perhaps you could have
started it in /var/bitcoin and chroot to that directory. Since there
absolutely no way to disable UID 0 (you can disable "root" but UID 0 is
there for good) this seems to me to be an acceptable compromise until you
can figure out exactly how to make bitcoind and selinux play nice.



Now maybe there's a reason why you can't use chroot. If so, then fine. But
that's what I'd have done myself.







On Fri, Feb 7, 2014 at 12:08 PM, Andy Bradford <amb-plugg at bradfords.org>wrote:

> Thus said Michael Torrie on Thu, 06 Feb 2014 23:34:08 -0700:
>
> > It's my  understanding that  once you  have root in  a chroot  you can
> > escape the chroot quite easily. Am I wrong about this?
>
> You're right. Don't put SUID binaries in the chroot.
>
> Andy
> --
> TAI64 timestamp: 4000000052f47f78
>
>
>
> /*
> PLUG: http://plug.org, #utah on irc.freenode.net
> Unsubscribe: http://plug.org/mailman/options/plug
> Don't fear the penguin.
> */
>


More information about the PLUG mailing list