[Avcheck] uchroot binary in chroot

AccessWest support@accesswest.com
Wed, 07 Nov 2001 03:28:48 -0700


Hello !


I would like to suggest a change to the chroot
jail of avcheck, for security reasons.

It doesn't make a lot of sense to place the uchroot
binary in the chroot jail. It's not needed there
and might only someday help a carefully crafted email
break the jail, however unlikely that may be.


Suggested change to location of uchroot.

Move uchroot to the same location as chroot in
the file system.

example (linux)  "/usr/sbin/"

mv /var/spool/avp/uchroot /usr/sbin/


Suggested change in startup script

/usr/bin/env - HOME=/ \
/usr/bin/nice \
/var/spool/avp/uchroot -u avdaemon /var/spool/avp \
/kavdaemon -* -dl -f=/ctl /tst

Would Change to:

/usr/bin/env - HOME=/ \
/usr/bin/nice \
/usr/sbin/uchroot -u avdaemon /var/spool/avp \
/kavdaemon -* -dl -f=/ctl /tst


Regards,

Robert Dalton
AccessWest.com
support@accesswest.com
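
An added example, not part of the original message or of avcheck: a POSIX shell check that the launcher named in the startup script resolves outside the jail and that no executable copy of uchroot or chroot remains inside it. The function names are hypothetical; the paths in the usage comment are the ones from the message.

```shell
#!/bin/sh
# Added example (not avcheck code). Function names are hypothetical.
# Usage: sh audit_jail.sh /var/spool/avp /usr/sbin/uchroot

# launcher_in_jail JAIL LAUNCHER
# Returns 0 if LAUNCHER's directory resolves (symlinks followed) under JAIL,
# 1 if it is outside, 2 if either path cannot be resolved.
launcher_in_jail() {
    _j=$(cd "$1" 2>/dev/null && pwd -P) || return 2
    _l=$(cd "$(dirname "$2")" 2>/dev/null && pwd -P) || return 2
    case "$_l/" in
        "$_j"/*) return 0 ;;
        *)       return 1 ;;
    esac
}

# jail_helpers JAIL
# Prints executable files named uchroot or chroot found inside JAIL.
jail_helpers() {
    find "$1" -xdev -type f \( -name uchroot -o -name chroot \) \
        -perm -100 -print 2>/dev/null
}

# audit_jail JAIL LAUNCHER
# Returns 0 when the jail is clean, non-zero when something was found.
audit_jail() {
    _findings=0
    if launcher_in_jail "$1" "$2"; then
        echo "FAIL: launcher $2 is inside jail $1"
        _findings=$((_findings + 1))
    fi
    _helpers=$(jail_helpers "$1") || true
    if [ -n "$_helpers" ]; then
        echo "FAIL: chroot helper(s) present inside jail:"
        echo "$_helpers"
        _findings=$((_findings + 1))
    fi
    [ "$_findings" -eq 0 ] && echo "OK: no chroot launcher inside $1"
    [ "$_findings" -eq 0 ]
}

# Run the audit only when called with both arguments.
if [ "$#" -eq 2 ]; then
    audit_jail "$1" "$2"
fi
```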