[Avcheck] uchroot binary in chroot
AccessWest
support@accesswest.com
Wed, 07 Nov 2001 03:28:48 -0700
Hello !
I would like to suggest a change to the chroot
jail of avcheck, for security reasons.
It doesn't make a lot of sense to place the uchroot
binary in the chroot jail. Its not needed there
and might only someday help a carefully crafted email
break the jail, however unlikely that may be.
Suggested change to location of uchroot.
move uchroot to same location as chroot in
the file system.
example (linux) "/usr/sbin/"
mv /var/spool/uchroot /usr/sbin/
Suggested change in startup script
/usr/bin/env - HOME=/ \
/usr/bin/nice \
/var/spool/avp/uchroot -u avdaemon /var/spool/avp \
/kavdaemon -* -dl -f=/ctl /tst
Would Change to:
/usr/bin/env - HOME=/ \
/usr/bin/nice \
/usr/sbin/uchroot -u avdaemon /var/spool/avp \
/kavdaemon -* -dl -f=/ctl /tst
Regards,
Robert Dalton
AccessWest.com
support@accesswest.com