LUGOD: Linux Users' Group of Davis
 
Page last updated:
2002 Apr 05 15:47

The following is an archive of a post made to our 'vox mailing list' by one of its subscribers.

Re: [vox] quake3 serving from behind a firewall

On Fri, Apr 05, 2002 at 12:50:23AM -0800, ME wrote:
> There have been a slew of security problems with running quake
> servers. (This includes DDoS). No need to explain, the history is
> documented "out there."
> 
> Make sure you remain current on versions, and look into running
> automated software to detect certain kinds of attacks and kick/ban users.
> 
> Also, strongly suggest you set it to run as nobody,nogroup in a chrooted
> env. This raises the bar enough to keep most potential exploits away.

I've done this before. There's a nifty little program called uchroot. It's 
like chroot, but it's installed setuid root. It makes the chroot() system 
call, then drops privileges. This lets you su to an unprivileged user, 
then do the chroot, thus keeping su out of the chrooted environment. 

This way, you can keep all setuid-root binaries out of the chroot 
environment. Since only root can make the chroot() system call, this 
should keep an attacker from breaking out of the jail. 

If anyone wants the scripts I use to load Q3 as an unprivileged user in a 
chroot environment, send me mail. 

-- 
Samuel Merritt
PGP key is at http://wwwcsif.cs.ucdavis.edu/~merritt/snmerritt.asc
Information about PGP can be found at http://www.mindspring.com/~aegreene/pgp/
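
The order of operations described in the message above (chroot() while still root, then drop privileges before starting the server), as an added example in C. This is not uchroot's source and not the poster's scripts; the name jail_and_drop, the error codes and the paths in the usage comment are hypothetical, and the program assumes it is started as root or installed setuid root.

```c
/* Added example, not uchroot's code; jail_and_drop() is a hypothetical name. */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE          /* exposes chroot() and setgroups() on glibc */
#endif
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

enum { JAIL_OK, JAIL_ERR_ARGS, JAIL_ERR_CHDIR, JAIL_ERR_CHROOT,
       JAIL_ERR_GROUPS, JAIL_ERR_GID, JAIL_ERR_UID, JAIL_ERR_STILL_ROOT };
/* Enter the jail at `dir`, then become uid/gid. Order matters: chroot()
 * needs root, so it happens before the IDs are dropped. */
int jail_and_drop(const char *dir, uid_t uid, gid_t gid)
{
    /* Refuse a "drop" to root and refuse relative jail paths. */
    if (dir == NULL || dir[0] != '/' || uid == 0 || gid == 0)
        return JAIL_ERR_ARGS;
    /* chdir into the jail first so the cwd is not left outside it. */
    if (chdir(dir) != 0)            return JAIL_ERR_CHDIR;
    if (chroot(".") != 0)           return JAIL_ERR_CHROOT;
    if (chdir("/") != 0)            return JAIL_ERR_CHDIR;
    /* Clear supplementary groups, then gid, then uid (uid last, because
     * setgroups() and setgid() stop working once root is gone). */
    if (setgroups(0, NULL) != 0)    return JAIL_ERR_GROUPS;
    if (setgid(gid) != 0)           return JAIL_ERR_GID;
    if (setuid(uid) != 0)           return JAIL_ERR_UID;
    /* Verify the drop is permanent: regaining root must fail. */
    if (setuid(0) == 0 || getuid() != uid || geteuid() != uid)
        return JAIL_ERR_STILL_ROOT;
    return JAIL_OK;
}

/* Usage (constructed paths): ./jailrun /srv/jail 65534 65534 /bin/server */
int main(int argc, char **argv)
{
    if (argc < 5) {
        fprintf(stderr, "usage: %s jaildir uid gid program [args...]\n", argv[0]);
        return 2;
    }
    int rc = jail_and_drop(argv[1], (uid_t)atol(argv[2]), (gid_t)atol(argv[3]));
    if (rc != JAIL_OK) {
        fprintf(stderr, "jail setup failed at step %d\n", rc);
        return 1;
    }
    execv(argv[4], &argv[4]);       /* path is resolved inside the jail */
    perror("execv");
    return 1;
}
```

Every return value is checked because a failed setgid() or setuid() that goes unnoticed leaves the server running as root inside the jail.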
