NCSA Security R&D
Last Updated: 01/26/2006
Attached Document
Project: Community Accounts
Attachment: Required Tasks and Security Concerns for Jail Creation
- A new directory structure must be created, including (at a minimum)
  /bin, /lib and /etc, plus whatever other directories the jailed
  applications need (commonly /dev, /tmp and /usr).
- Certain /etc files must be created or copied into the jail for
  authentication to succeed. Exactly which files are needed depends on
  the platform, but nsswitch.conf, passwd, group and shadow are typically
  the minimum. Other possible files include hosts and mtab.
- Certain shared libraries must be copied into the jail for
  authentication to succeed. Exactly which libraries are needed depends
  on the platform, but the libnss modules that libc loads at run time are
  typically the minimum. Note that ldd does not list them, because libc
  opens them with dlopen rather than linking against them.
- All desired applications must be copied into the directory structure.
  Dependency information must be determined for these applications, and
  every dependency must also be copied. Types of dependencies include:
  - Shared libraries (listed by ldd, i.e. ld.so --list, or the
    platform's equivalent)
  - Interpreters/shells (determined by the #! line at the start of a
    script); the interpreter has dependencies of its own, so the check
    must be repeated for it
- If the jail includes any mounts (such as special dev or proc file
  systems), an init script that mounts these devices/shares must be added
  to the startup scripts.
- Either the system's syslog daemon must be configured to also read from
  the jail's /dev/log, or a log repeater daemon must be configured and set
  to run at system boot.
- There must be no setuid root binaries within the jailed directory.
- Libraries and binaries (especially libc) should be owned by root, with
  permissions set so that no other user can modify them.
- There should be no devices allowing a user within the jailed
  environment direct access to memory or to any hard drive, especially
  the root partition.
- Compilers should not be included within the jailed directory unless
  absolutely necessary. Likewise, powerful scripting languages (such as
  perl) should be avoided unless necessary.
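The tasks and checks above, worked through as a POSIX shell script. This is an added example, not part of the NCSA document or the Community Accounts project: it builds the directory skeleton, writes constructed placeholder /etc files (nsswitch.conf, passwd, group, shadow, hosts; a real jail copies the relevant host entries and password hashes instead), copies each requested program together with its #! interpreter and the shared libraries ldd reports, and then audits the result for setuid/setgid files, binaries and libraries that are not root-owned or are group/world-writable, unexpected device nodes, and compilers or interpreters. The function names, the jailuser account and the JAIL_OWNER variable are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not part of the NCSA document: build a minimal chroot jail
# following the task list above, then audit it against the listed concerns.
# Function names, the "jailuser" account and JAIL_OWNER are assumptions of
# this example. Needs POSIX sh plus cp, find, awk, head and ldd.

umask 022   # everything created below is at most 0755/0644

# Task 1: directory skeleton (the minimum named above plus what binaries,
# libraries and mounts end up needing).
jail_mkdirs() {
    for d in bin sbin lib lib64 usr/bin usr/lib etc dev tmp; do
        mkdir -p "$1/$d"
    done
    chmod 1777 "$1/tmp"
}

# Task 2: /etc files that NSS and authentication read inside the jail.
# Constructed placeholders with locked passwords (*); a real jail copies
# the needed entries and hashes from the host files.
jail_write_etc() {
    printf 'passwd: files\ngroup: files\nshadow: files\nhosts: files\n' \
        > "$1/etc/nsswitch.conf"
    printf 'root:x:0:0:root:/:/bin/sh\njailuser:x:1001:1001:jailed user:/:/bin/sh\n' \
        > "$1/etc/passwd"
    printf 'root:x:0:\njailuser:x:1001:\n' > "$1/etc/group"
    printf 'root:*:0:0:99999:7:::\njailuser:*:0:0:99999:7:::\n' > "$1/etc/shadow"
    printf '127.0.0.1 localhost\n' > "$1/etc/hosts"
    chmod 0600 "$1/etc/shadow"
}

# Print the interpreter named on a #! line, or nothing for a non-script.
jail_interpreter() {
    [ "$(head -c 2 "$1" 2>/dev/null)" = '#!' ] || return 0
    head -n 1 "$1" | awk '{ sub(/^#![ \t]*/, ""); print $1 }'
}

# Print the absolute paths ldd reports, one per line: both the
# "libfoo.so => /path" form and the bare loader line "/lib64/ld-...".
# Only run this on binaries you trust; some loaders execute the target.
jail_shared_libs() {
    ldd "$1" 2>/dev/null | awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^\//) print $i }'
}

# Tasks 3/4: copy one absolute path into the jail at the same location,
# then recurse into its dependencies: the #! interpreter of a script, or
# the shared libraries of a binary (and their own dependencies in turn).
jail_install() {
    local j=$1 src=$2 interp lib
    case $src in /*) ;; *) echo "jail_install: need an absolute path: $src" >&2; return 1 ;; esac
    [ -e "$j$src" ] && return 0          # already present; also ends recursion
    mkdir -p "$j$(dirname "$src")"
    cp "$src" "$j$src"                   # follows symlinks, so the real file lands
    chmod u-s,g-s,go-w "$j$src"          # never carry setuid/setgid or write bits in
    interp=$(jail_interpreter "$src")
    if [ -n "$interp" ]; then
        jail_install "$j" "$interp"
    else
        for lib in $(jail_shared_libs "$src"); do
            jail_install "$j" "$lib"
        done
    fi
}

# Security concerns: print every finding, return 1 if there were any.
# JAIL_OWNER (default root) is the account every file must belong to.
jail_audit() {
    local j=$1 owner=${JAIL_OWNER:-root} bad=0 f
    for f in $(find "$j" -type f \( -perm -4000 -o -perm -2000 \)); do
        echo "setuid/setgid file: $f"; bad=1
    done
    for f in $(find "$j/bin" "$j/sbin" "$j/lib" "$j/lib64" "$j/usr" "$j/etc" \
            \( ! -user "$owner" -o -perm -020 -o -perm -002 \) 2>/dev/null); do
        echo "not owned by $owner or group/world-writable: $f"; bad=1
    done
    # only a few pseudo-devices belong in a jail; disks, mem, kmem etc. are a way out
    for f in $(find "$j/dev" \( -type b -o -type c \) ! -name null ! -name zero \
            ! -name random ! -name urandom ! -name tty 2>/dev/null); do
        echo "unexpected device node: $f"; bad=1
    done
    for f in $(find "$j" -type f \( -name cc -o -name gcc -o -name 'g++' -o -name 'c++' \
            -o -name perl -o -name 'python*' -o -name ruby -o -name tclsh \)); do
        echo "compiler/interpreter present: $f"; bad=1
    done
    return $bad
}

# Usage (as root, so the copies are root-owned):
#   sh build_jail.sh /srv/jail /bin/sh /bin/ls
main() {
    local j=$1 p; shift
    jail_mkdirs "$j"
    jail_write_etc "$j"
    for p in "$@"; do jail_install "$j" "$p"; done
    jail_audit "$j" && echo "audit clean: $j"
}
if [ "$#" -ge 2 ]; then main "$@"; fi
```

Run it as root so the copies end up root-owned; JAIL_OWNER exists only so the audit can be exercised in a non-root test build. Two gaps to close by hand: ldd does not report the libnss modules that libc dlopens, so they must be copied separately, and a script that starts with #!/usr/bin/env X gets env installed but not X itself. Paths containing whitespace are not handled by the for loops over find output.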
Copyright © 2005-2006,
The Board of Trustees of the University of Illinois. All rights reserved.