LinuxQuestions.org


Yalla-One 06-04-2006 04:36 AM

Using compartment
 
Hi,

I found a program called compartment (http://www.suse.de/~marc/compartment.html) that supposedly allows me to run a potentially dangerous application in a secure and limited environment.

However, this application has not been maintained for a long time, with the exception of (http://www.chronox.de/chroot/compartment-1.2.tar.bz2) which is also quite old.

Does anyone have any experience with these programmes? Are they so old because they work fine and didn't need updates, or have they been replaced by newer, more efficient and secure solutions?

I am planning to use this as an added precaution for anything from ftp server to bittorrent.

Any insight greatly appreciated!

-Y1

rkelsen 06-04-2006 04:46 AM

Look into 'chroot'

Yalla-One 06-04-2006 04:59 AM

I have, but not being an expert on this, and from reading compartment's description, it seems to go much further than "just" chroot ?

From what I can see, chroot only changes the root, while compartment also makes limitations on user, group and also do limitations..

Or am I completely mistaken in my assumptions?

I'd greatly appreciate if you could elaborate or show me some pointers to further reading on the subject.

-Y1
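The difference raised in the post above, a bare chroot versus a chroot combined with a user and group change, as an added C example. It is not from the thread and is not compartment's code; the name `confine_and_drop` and the uid/gid 65534 are assumptions made for illustration, and the launcher has to be started as root.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* exposes chroot() and setgroups() in glibc */
#endif
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper (not compartment's code): confine the calling process
 * to new_root and permanently switch to an unprivileged uid/gid.
 * Returns 0 on success, -1 on failure with errno set. Needs root to succeed. */
int confine_and_drop(const char *new_root, uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0) {          /* "dropping" to root is no drop */
        errno = EINVAL;
        return -1;
    }
    /* chroot() alone does not move the working directory; without
     * chdir("/") the cwd can still point outside the new root. */
    if (chroot(new_root) != 0 || chdir("/") != 0)
        return -1;
    /* Order matters: supplementary groups and gid first, uid last,
     * because after setuid() the process may no longer change groups. */
    if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    /* Verify the drop is permanent: regaining root must fail. */
    if (setuid(0) == 0 || seteuid(0) == 0) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

int main(int argc, char **argv)
{
    /* Constructed sample values: uid/gid 65534 as the unprivileged account. */
    if (argc < 3) {
        fprintf(stderr, "usage: %s <jail-dir> <program> [args]\n", argv[0]);
        return 2;
    }
    if (confine_and_drop(argv[1], 65534, 65534) != 0) {
        perror("confine_and_drop");
        return 1;
    }
    execv(argv[2], &argv[2]);            /* path is resolved inside the jail */
    perror("execv");
    return 1;
}
```

A process that stays root inside a chroot keeps the privileges needed to leave it, which is why the uid and gid change is part of the confinement and not an optional extra.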

rkelsen 06-04-2006 05:21 AM

Quote:

Originally Posted by Yalla-One
I have, but not being an expert on this, and from reading compartment's description, it seems to go much further than "just" chroot ?

You are right. Sorry.

I don't know why it is no longer maintained, but that often happens to the best software packages. :( If compartment does what you need it to do, use it. Don't worry about how old the thing is.

unSpawn 06-04-2006 06:08 AM

Quote:

Originally Posted by Yalla-One
Are they so old because they work fine and didn't need updates, or have they been replaced by newer, more efficient and secure solutions?

Yes, notably the GRSecurity kernel patch, SELinux (not interchangeable) and (various forms of) virtualization. GRSecurity reinforces chroot, allows fine-grained control over resources (RBAC) and extends logging capabilities. SELinux provides a form of RBAC as well. Virtualization doesn't provide security enhancements (in the sense GRSecurity and SELinux do) but mitigates damage by separating the guest O.S. from the host O.S.


Quote:

Originally Posted by Yalla-One
I am planning to use this as an added precaution for anything from ftp server to bittorrent.

I think it would be best to first start with host hardening (check out the LQ FAQ: Security references) including extended logging, adding an IDS, auditing and integrity check sw (should be done right after O.S. install) and a backup scenario. Proper host hardening means less ways open holes for corruption. "Better" logging (and parsing and reading), using an IDS (Snort, Prelude), auditing sw (Tiger, Chkrootkit, Rootkit Hunter, number9's NSAT, etc, etc) and integrity check (Aide, Samhain) means you have more layers of inspection and better chances of getting warned and *knowing* what to look for. *After* that decide what features you need in an FTPd (I prefer Muddleftpd as its security record is better than even Proftpd). If you are going to run a Bittorrent tracker then you will have to invest time hardening your database, webserver and (especially) firewall setup. If you are going to run a Bittorrent client then you can get away with investing considerably less time. The swarm doesn't interact with your client other than shoving packets your way AFAIK.



Quote:

Originally Posted by Yalla-One
run a potentially dangerous application in a secure and limited environment.

A bit OT maybe but as you've seen there are different solutions for different tasks. Like for instance I wouldn't want to run unknown hostile code I found in a chroot: I'll use Qemu for that. One final note is that while proper hardening goes a long way and stuff described above can help, nothing compares to relocating (DMZ) "vulnerable" services you need to provide to a separate box (also see: eggs, basket).

HTH

Yalla-One 06-04-2006 03:30 PM

Thanks for very thorough reply - lots of information to digest.

My torrents are only client, not a server, so as you say the risk is probably not too big..

I believe the solution for me is to keep compartment until I've got a stable qemu solution up and running, which as you say is totally separated and thus totally safe.

Thanks again for excellent input - much appreciated!

-Y1

unSpawn 06-04-2006 05:03 PM

Me writing about "unknown hostile code I found" refers to exploits and stuff like that. While there isn't something like "too much security" Qemu seems a bit too much for just running Bittorrent IMHO.


All times are GMT -5.