At 15:02 23/01/2003 -0800, Greywolf wrote:
>         normal user a creates, say, a hierarchy under a mysteriously
>writable directory under the root filesystem, creating a hard link from
>/usr/bin/su to, say, /bogusdir/usr/bin/su.
>         said user manages to write his own copy of /etc/master.passwd
>with, say, root's encrypted passwd string removed.
>         said user makes an exec wrapper:
>         ...compiles it and puts it in as /bogusdir/bin/hole.
>         chroot is not restricted.  User chroots into /bogusdir, runs
>/usr/bin/su.  Bingo.  No password.  He is now root.

ahem??? if a process can become root while it was not, then there's
an enormous problem somewhere!

>This falls into the same category of "Under what conditions is it safe to
>point a loaded gun at oneself?", really.

If it were me, I'd allow anyone to chroot, as I see no design rationale for
chroot with access control. It's like in real life: being able to drink
beer doesn't give you the right to enter a bar...
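As an added example (not part of the thread above, and not code from any of its participants), the following C program checks the two preconditions the quoted scenario depends on from the defender's side: whether chroot(2) is permitted to the calling user at all, and whether any set-uid file under a directory tree carries more than one hard link (a set-uid binary linked into a user-writable tree shows up this way). The recursive walk, the chroot probe and the constructed sample tree under /tmp are all assumptions of this example; the function and file names are hypothetical and POSIX APIs only are used.

```c
/* Added example, not from the mailing-list thread: a defender's audit
 * for multiply-linked set-uid files plus a chroot(2) permission probe.
 * All names here are hypothetical; the sample tree is constructed. */
#define _XOPEN_SOURCE 700
#define _DEFAULT_SOURCE
#include <dirent.h>
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Returns 0 if chroot(2) succeeded for the calling process (chroot is
 * unrestricted for this user), otherwise the errno chroot set (EPERM is
 * the expected answer for an unprivileged user on BSD and Linux).
 * chroot("/") is used so a successful call leaves the root unchanged. */
int probe_chroot(void) {
    if (chroot("/") == 0)
        return 0;
    return errno;
}

/* Walk `dir` recursively; every regular file with the set-uid bit and a
 * link count above 1 is printed and counted. Returns the count, or -1 if
 * `dir` cannot be opened. lstat is used so symlinks are not followed
 * (a symlink carries no set-uid bit of its own anyway). */
int audit_setuid_links(const char *dir) {
    DIR *d = opendir(dir);
    if (!d)
        return -1;
    int found = 0;
    struct dirent *e;
    while ((e = readdir(d)) != NULL) {
        if (strcmp(e->d_name, ".") == 0 || strcmp(e->d_name, "..") == 0)
            continue;
        char path[4096];
        snprintf(path, sizeof path, "%s/%s", dir, e->d_name);
        struct stat st;
        if (lstat(path, &st) != 0)
            continue;
        if (S_ISDIR(st.st_mode)) {
            int sub = audit_setuid_links(path);
            if (sub > 0)
                found += sub;
        } else if (S_ISREG(st.st_mode) && (st.st_mode & S_ISUID) &&
                   st.st_nlink > 1) {
            printf("set-uid file with %lu links: %s (owner uid %u)\n",
                   (unsigned long)st.st_nlink, path, (unsigned)st.st_uid);
            found++;
        }
    }
    closedir(d);
    return found;
}

/* Constructed test data: a directory under /tmp holding a set-uid file
 * owned by the caller (so chmod is allowed) and a second hard link to it.
 * Returns the directory path (caller frees it) or NULL on failure. */
char *make_sample_tree(void) {
    char *root = malloc(64);
    if (!root)
        return NULL;
    snprintf(root, 64, "/tmp/suaudit.%ld", (long)getpid());
    if (mkdir(root, 0700) != 0 && errno != EEXIST)
        return NULL;
    char f1[128], f2[128];
    snprintf(f1, sizeof f1, "%s/su", root);
    snprintf(f2, sizeof f2, "%s/su-link", root);
    int fd = open(f1, O_WRONLY | O_CREAT, 0755);
    if (fd < 0)
        return NULL;
    close(fd);
    if (chmod(f1, S_ISUID | 0755) != 0)
        return NULL;
    unlink(f2);                     /* tolerate a re-run with the same pid */
    if (link(f1, f2) != 0)
        return NULL;
    return root;
}

int main(void) {
    int rc = probe_chroot();
    printf("chroot(\"/\"): %s\n", rc == 0 ? "permitted" : strerror(rc));
    char *root = make_sample_tree();
    if (!root) {
        perror("make_sample_tree");
        return 1;
    }
    int n = audit_setuid_links(root);
    printf("%d multiply-linked set-uid file(s) under %s\n", n, root);
    free(root);
    return 0;
}
```

Run as an unprivileged user, the probe reporting anything other than "Operation not permitted" means chroot is unrestricted on that system, which is the first condition the quoted scenario relies on; pointing the audit at the real system directories instead of the sample tree (and at any user-writable filesystem) lists set-uid files that have been hard-linked elsewhere. On the constructed tree both the file and its link are reported, so the count is 2.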