Opened 8 years ago

Last modified 4 years ago

#1497 new enhancement

Chroot for socket creator

Reported by: vorner Owned by:
Priority: medium Milestone: Outstanding Tasks
Component: sockcreator Version: git
Keywords: Cc:
CVSS Scoring: Parent Tickets:
Sensitive: no Defect Severity: N/A
Sub-Project: Core Feature Depending on Ticket:
Estimated Difficulty: 0 Add Hours to Ticket: 0
Total Hours: 0 Internal?: no

Description

The socket creator should be able to create a temporary (empty) directory, chroot there and delete the directory. As the socket creator should be the only component running with elevated privileges, it should increase the trust in its safety, even as chroot itself is not primarily security related feature.

Subtickets

Change History (5)

comment:1 Changed 8 years ago by shane

  • Milestone changed from New Tasks to Year 3 Task Backlog

This was discussed on the BIND 10 development list. It's not a bad idea, although see my warning about probably needing a double-chroot here:

https://lists.isc.org/pipermail/bind10-dev/2011-December/002895.html

On FreeBSD the double-chroot does not appear to be necessary, but it also does not seem to hurt.

comment:2 Changed 6 years ago by stephen

  • Milestone set to Common Outstanding Tasks

comment:3 Changed 5 years ago by tomek

  • Component changed from Boss of BIND to sockcreator
  • Version set to git

comment:4 Changed 4 years ago by tomek

  • Milestone changed from Common Outstanding Tasks to DHCP Outstanding Tasks

comment:5 Changed 4 years ago by tomek

  • Milestone changed from DHCP Outstanding Tasks to Outstanding Tasks

Milestone renamed

Note: See TracTickets for help on using tickets.