Subject: Re: chroot: why super-user only?
To: Greywolf, David Young <firstname.lastname@example.org>
From: mouss <email@example.com>
Date: 01/27/2003 17:42:06

At 15:02 23/01/2003 -0800, Greywolf wrote:
> normal user a creates, say, a hierarchy under a mysteriously
> writable directory under the root filesystem, creating a hard link from
> /usr/bin/su to, say, /bogusdir/usr/bin/su.
> said user manages to write his own copy of /etc/master.passwd
> with, say, root's encrypted passwd string removed.
> said user makes an exec wrapper:
> ...compiles it and puts it in as /bogusdir/bin/hole.
> chroot is not restricted. User chroots into /bogusdir, runs
> /usr/bin/su. Bingo. No password. He is now root.

ahem??? if a process can become root while it was not, then there's
an enor-mouss problem somewhere!

> This falls into the same category of "Under what conditions is it safe to
> point a loaded gun at oneself?", really.

If it was me, I'd allow anyone to chroot, as I see no design rationale for
chroot with access control. It's like in real life, being able to drink
gives you the right to enter a bar....
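
Added example, not part of the original message or of either poster's code: a defensive audit for the precondition in the quoted scenario, a set-id file that has acquired a second name through a hard link. The function names and the sample tree built by `build_constructed_tree` are constructed for this example.

```python
import os
import stat
import sys

SETID = stat.S_ISUID | stat.S_ISGID


def scan(root):
    """Return one finding per set-id inode under root whose link count is > 1."""
    groups = {}
    for dirpath, _dirs, files in os.walk(root):  # does not follow symlinks
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if (not stat.S_ISREG(st.st_mode) or not st.st_mode & SETID
                    or st.st_nlink < 2):
                continue
            key = (st.st_dev, st.st_ino)  # all names of one file share this
            entry = groups.setdefault(key, {"nlink": st.st_nlink, "paths": []})
            entry["paths"].append(path)
    findings = []
    for entry in groups.values():
        entry["paths"].sort()
        # Links that exist, but under some directory outside the scanned tree.
        entry["unaccounted"] = entry["nlink"] - len(entry["paths"])
        findings.append(entry)
    return findings


def build_constructed_tree(base):
    """Constructed sample: a set-uid placeholder file with a second name."""
    for d in ("usr/bin", "bogusdir/usr/bin"):
        os.makedirs(os.path.join(base, d))
    su = os.path.join(base, "usr/bin/su")
    for path in (su, os.path.join(base, "usr/bin/ls")):
        with open(path, "w") as fh:
            fh.write("placeholder, not a real binary\n")
    os.chmod(su, 0o4755)  # set-uid bit on the sample file only
    os.link(su, os.path.join(base, "bogusdir/usr/bin/su"))


if __name__ == "__main__":
    # Usage: python audit.py /mount/point   (defaults to the current directory)
    for f in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f["nlink"], "links,", f["unaccounted"], "outside tree:", *f["paths"])
```

Hard links cannot cross filesystems, so scanning from a filesystem's mount point accounts for every name of each flagged file; a nonzero `unaccounted` value means the scan started too deep to see them all.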