mounting two times

Martynas Venckus
Hello,

I want to chroot mysql. So I chrooted it in /var/mysql (mysqld --chroot),
but web applications could access mysql server only by network, which is
not the most secure and fast way. Chrooting it to /var/www/mysql would not
be secure too.

The problem could be solved creating pseudo device for /var/mysql/tmp --
mysql socket would be there, and mount it two times (/var/mysql/tmp,
/var/www/somewhere). Is it possible?

Also it could be done using mount --bind, but OpenBSD does not support it,
right?

And also, I have separate partitions to /var/www and /var/mysql, so I can
not hard link the socket cross over partition.

Thanks.


Re: mounting two times

Lars Hansson
On Monday 19 June 2006 18:12, Martynas Venckus wrote:
> I want to chroot mysql. So I chrooted it in /var/mysql (mysqld --chroot),
> but web applications could access mysql server only by network, which is
> not the most secure and fast way.

What's not secure about binding to localhost only?

---
Lars Hansson


Re: mounting two times

knitti
On 6/19/06, Lars Hansson <[hidden email]> wrote:
> On Monday 19 June 2006 18:12, Martynas Venckus wrote:
> > I want to chroot mysql. So I chrooted it in /var/mysql (mysqld --chroot),
> > but web applications could access mysql server only by network, which is
> > not the most secure and fast way.
>
> What's not secure about binding to localhost only?

protocol attacks on the application which talks to mysql?
if you use some php stuff (any php stuff ;) and talk to mysql, you can
manipulate the db by sql injection. if _then_ mysql has e.g. a hole
which allows it to be manipulated or broken out into a shell, a chroot
would help a lot ;)

--knitti


Re: mounting two times

Lars Hansson
On Monday 19 June 2006 19:09, knitti wrote:
> protocol attacks on the application which talks to mysql?

Uhm, and using a domain socket is different how?

> if you use some php stuff (any php stuff ;) and talk to mysql, you can
> manipulate the db by sql injection.
And? This has nothing to do with what kind of socket is used. SQL injection
problems don't magically go away if you use a domain socket.

> if _then_ mysql has e.g. a hole
> which allows it to be manipulated or broken out into a shell, a chroot
> would help a lot ;)

Uh, yes. It's in a chroot so you'll talk to it using tcp to localhost.

I'm still not clear on exactly why a domain socket is more secure than a
localhost tcp socket. Faster? Sure, but probably not by an amount that
matters. More secure? I really don't see how in this case.

---
Lars Hansson


Re: mounting two times

Martynas Venckus
> I'm still not clear on exactly why a domain socket is more secure than a
> localhost tcp socket. Faster? Sure, but probably not by an amount that
> matters. More secure? I really don't see how in this case.

Okay, why should it listen to an unneeded port? Somebody could insensibly
redirect packets. It's not the way it is supposed to be.

You need to read the file for example, would you read it, or create a
socket, wait for connections from the script and then read it? The more
operations it performs, the more insecure the daemon is.


Re: mounting two times

Martynas Venckus
In reply to this post by Martynas Venckus
> I am not sure as I have not tried it, but I think mySQL creates its unix
> socket *before* it calls chroot() [or can be very easily fixed anyways].

No, it can't create the socket before chroot(); then how would it access mysql
data?


Re: mounting two times

Gilles Chehade
In reply to this post by knitti
On Mon, 19 Jun 2006 13:09:20 +0200
knitti <[hidden email]> wrote:

> On 6/19/06, Lars Hansson <[hidden email]> wrote:
> > On Monday 19 June 2006 18:12, Martynas Venckus wrote:
> > > I want to chroot mysql. So I chrooted it in /var/mysql (mysqld --chroot),
> > > but web applications could access mysql server only by network, which is
> > > not the most secure and fast way.
> >
> > What's not secure about binding to localhost only?
>
> protocol attacks on the application which talks to mysql?
> if you use some php stuff (any php stuff ;) and talk to mysql, you can
> manipulate the db by sql injection. if _then_ mysql has e.g. a hole
> which allows it to be manipulated or broken out into a shell, a chroot
> would help a lot ;)
>
> --knitti
>

SQL injection is unrelated to the way mySQL is accessed or to the fact that it
runs chrooted. A badly written PHP application may cause SQL injection attacks
to be possible even with a chrooted mySQL server. Not to mention that a script
may also open a Unix socket just as it could connect to the tcp socket, and it
is very doubtful that an issue would affect the tiny portion of code that does
the handling of connections.

-- veins


Re: mounting two times

Alexander Hall
In reply to this post by Martynas Venckus
Martynas Venckus wrote:
>> I am not sure as I have not tried it, but I think mySQL creates its unix
>> socket *before* it calls chroot() [or can be very easily fixed anyways].
>
> No, it can't create the socket before chroot(); then how would it access mysql
> data?

Can you elaborate on this? I don't get it. Unchrooted it creates a
socket (e.g. /var/run/mysql.sock) and then chroots itself to /var/mysql,
where the data exists.

What is (or would be) wrong with that?

/Alexander


Re: mounting two times

Gilles Chehade
In reply to this post by Martynas Venckus
On Mon, 19 Jun 2006 13:12:20 +0300 (EEST)
"Martynas Venckus" <[hidden email]> wrote:

> Hello,
>
> I want to chroot mysql. So I chrooted it in /var/mysql (mysqld --chroot),
> but web applications could access mysql server only by network, which is
> not the most secure and fast way. Chrooting it to /var/www/mysql would not
> be secure too.
>
> The problem could be solved creating pseudo device for /var/mysql/tmp --
> mysql socket would be there, and mount it two times (/var/mysql/tmp,
> /var/www/somewhere). Is it possible?
>
> Also it could be done using mount --bind, but OpenBSD does not support it,
> right?
>
> And also, I have separate partitions to /var/www and /var/mysql, so I can
> not hard link the socket cross over partition.
>
> Thanks.
>

I am not sure as I have not tried it, but I think mySQL creates its unix
socket *before* it calls chroot() [or can be very easily fixed anyways].
In that case, you simply have to set up mySQL so that it creates the unix
socket within httpd's chroot, it does not have to be within mySQL's.

-- veins


Re: mounting two times

Gilles Chehade
In reply to this post by Martynas Venckus
On Mon, 19 Jun 2006 15:06:53 +0300 (EEST)
"Martynas Venckus" <[hidden email]> wrote:

> > I am not sure as I have not tried it, but I think mySQL creates its unix
> > socket *before* it calls chroot() [or can be very easily fixed anyways].
>
> No, it can't create the socket before chroot(); then how would it access mysql
> data?
>

These are two completely unrelated issues ...
The mysql server does not need the socket to access its data, the socket is
there so that *clients* can communicate with the server. Please, read about
chroot and unix sockets, as having a server that creates a unix socket then
chroots "away" is a very common practice.

-- veins
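
The pattern described above (bind the Unix socket first, then chroot away), as an added example that is not part of the original thread and not MySQL's own code. The socket path, the uid/gid 1000 and the function names are assumptions; the program must start as root for chroot(2) to succeed.

```c
#define _DEFAULT_SOURCE            /* chroot(), setgroups() on glibc */
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>

/* Bind and listen on a Unix socket at `path`, resolved in the current
 * (pre-chroot) filesystem view. Returns the listening fd, or -1. */
int listen_unix(const char *path, mode_t mode)
{
    struct sockaddr_un sa;
    mode_t old;
    int fd, rc;
    if (strlen(path) >= sizeof(sa.sun_path)) return -1; /* no truncation */
    memset(&sa, 0, sizeof(sa));
    sa.sun_family = AF_UNIX;
    strcpy(sa.sun_path, path);
    if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) == -1) return -1;
    unlink(path);                           /* remove a stale socket file */
    old = umask(~mode & 0777);              /* socket is born with `mode` */
    rc = bind(fd, (struct sockaddr *)&sa, sizeof(sa));
    umask(old);
    if (rc == -1 || listen(fd, 16) == -1) { close(fd); return -1; }
    return fd;
}

/* Confine the process to `dir`, then drop root. Requires root. */
int enter_jail(const char *dir, uid_t uid, gid_t gid)
{
    if (chroot(dir) == -1 || chdir("/") == -1) return -1;
    if (setgroups(1, &gid) == -1 || setgid(gid) == -1) return -1;
    return setuid(uid);
}

int main(void)
{
    /* Assumed values: socket path inside httpd's chroot, uid/gid 1000. */
    int fd = listen_unix("/var/www/var/run/mysql/mysql.sock", 0660);
    if (fd == -1 || enter_jail("/var/mysql", 1000, 1000) == -1) {
        perror("setup");
        return 1;
    }
    /* The path is unreachable from here, but the descriptor still works. */
    int c = accept(fd, NULL, NULL);
    if (c != -1) { send(c, "hello from the jail\n", 20, 0); close(c); }
    return 0;
}
```

Setting the umask around bind() avoids the window in which the socket file would exist with looser permissions than intended.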


Re: mounting two times

Adam-29
In reply to this post by Martynas Venckus
On Mon, 19 Jun 2006 15:04:06 +0300 (EEST) "Martynas Venckus" <[hidden email]> wrote:

> > I'm still not clear on exactly why a domain socket is more secure than a
> > localhost tcp socket. Faster? Sure, but probably not by an amount that
> > matters. More secure? I really don't see how in this case.
>
> Okay, why should it listen to an unneeded port? Somebody could insensibly
> redirect packets. It's not the way it is supposed to be.
>
> You need to read the file for example, would you read it, or create a
> socket, wait for connections from the script and then read it? The more
> operations it performs, the more insecure the daemon is.

Using a TCP socket instead of a unix domain socket is not performing more
operations.  You will probably have fewer problems if you stop creating
problems for yourself.

Adam


Re: mounting two times

knitti
In reply to this post by Lars Hansson
On 6/19/06, Lars Hansson <[hidden email]> wrote:
> On Monday 19 June 2006 19:09, knitti wrote:
> > protocol attacks on the application which talks to mysql?
>
> Uhm, and using a domain socket is different how?

ouch, snafu. sorry, I misunderstood. I don't think there's
any practical security difference between running chrooted
with a domain socket vs. a local tcp socket

--knitti


Re: mounting two times

Martynas Venckus
Okay, everything works like a charm.

I chrooted mysql using chroot(8), then created pseudo file, and 2 vnode
disks.
Then mount {vnode disk} /{chroot path}/var/run/mysql && mount -f {vnode2
disk} /var/www/var/run/mysql.