Re: apt-get and The_User
On Sat, 2 Dec 2000, xsdg wrote:
> ::SNIP? SNIP!::
> > > Use a library which intercepts open, chdir, stat, lstat etc. Load
> > > that via LD_PRELOAD - it should be pretty easy. A 'true' chroot for
> > > non-root is a _very_ bad idea.
> > >
> >
> > Would you care please to be a bit more specific please?What kind of
> > library would that be and why setting up a true chroot environment for
> > user with it's own dpkg would be such a bad idea(I can see some problems
> > with syncing the 2 dpkg databases and deciding what's for user and
> > what's for system)?
> I'd think that it was a bad idea because the user could run `chroot
> bash` and they have a root shell...also, the user could read root's mail
> or do other evil stuff: deleting more files than a normal user can;
> editing logs (if you don't use chattr); `apt-get -y --purge remove
> libc6`...or even `apt-get install {local,remote}_root_exploit` or
> something of that nature...)
<snip from chroot(8)>
NAME
chroot - run command or interactive shell with special
root directory
</snip>
In what way would chroot elevate privileges for a non-root user?
Remco
--
qn-195-66-31-144: 12:00am up 26 days, 10 min, 14 users, load average: 5.86, 3.64, 2.20
Reply to: