Subject: Re: chroot() behaviour? (was Re: tar ignores filenames that contain `..')
To: Greywolf <email@example.com>
From: Andrew Brown <firstname.lastname@example.org>
Date: 10/31/2002 14:05:56
># Actually netbsd chroot seems to have fixed the easy escape,
># can fchroot be used instead:
># fd = open("/",..);
>I just had a thought. Presumably, the reason for not permitting chroot()
>is that one could potentially hard link something like login or su into
>their tree, provide their own password databases and gain root access via
>a shell. At least that was the rationale explained to me for not allowing
>chroot() by normal users.
that's exactly it. it's trivial to do, too, and requires about three
minutes of thought. and a properly writable filesystem.
>What if chroot() were to create/cause exec semantics such that, if not
>called by a super-user, setuid/setgid would be ignored?
that would be...almost pointless, no? i mean, if the binary weren't
setuid *at all*, then root could still switch to the appropriate
|-----< "CODE WARRIOR" >-----|
email@example.com * "ah! i see you have the internet
firstname.lastname@example.org (Andrew Brown) that goes *ping*!"
email@example.com * "information is power -- share the wealth."