Subject: Re: chroot(2)
To: Todd Vierling <email@example.com>
From: Eduardo E. Horvath <firstname.lastname@example.org>
Date: 10/13/1998 12:49:30
Why do I always get involved in these sorts of things? Sigh....
On Tue, 13 Oct 1998, Todd Vierling wrote:
> : > All the standard methods for breeching root are disabled: su doesn't
> : > work, login doesn't work,
> Since when are login and su disabled in a chrooted environment withthe
> current implementation?
You're missing the original context. We were discussing allowing
chroot(2) to be used by non-root users and the security implications.
After a huge list of changes that would need to be made I suggested that
things were getting complicated and most of the security coult be achieved
if the set[gu]id bits were ignored after a user did a chroot(2). Then the
only other major hole would be device nodes.
Eduardo Horvath email@example.com
"I need to find a pithy new quote." -- me