Re: chroot wrapper? (Re: Another pbuilder run finished)

To: debian-devel@lists.debian.org
Subject: Re: chroot wrapper? (Re: Another pbuilder run finished)
From: Richard Braakman <dark@xs4all.nl>
Date: Fri, 3 Jan 2003 07:37:09 +0200
Message-id: <[🔎] 20030103053709.GA1795@night>
In-reply-to: <[🔎] 1041527121.595.9.camel@altfrangg.fortytwo.ch>
References: <87hed1mjyd.wl@atoron.work.isl.doshisha.ac.jp.doshisha.ac.jp> <[🔎] E18U2DH-0004BC-00@mx1.toplink-plannet.de> <[🔎] 200301021127.35016.russell@coker.com.au> <[🔎] 200301022227.50650.peter@hawkins.emu.id.au> <[🔎] 1041527121.595.9.camel@altfrangg.fortytwo.ch>

On Thu, Jan 02, 2003 at 06:05:22PM +0100, Adrian 'Dagurashibanipal' von Bidder wrote:
> Is there any reason (beyond Unix history), why chroot is root-only? Can
> anything bad happen at all?

Yes. Giving users chroot access would make it even harder to write
correct setuid programs.

Suppose you have write access anywhere on the filesystem that
contains /bin/su.  Then you can make a hardlink to /bin/su, put it
in a chroot area that contains a custom /etc/passwd, and enjoy your
new root access.

Richard Braakman

Reply to:

References:
- Re: Another pbuilder run finished
  - From: Marc Haber <mh+debian-devel@zugschlus.de>
- Re: Another pbuilder run finished
  - From: Russell Coker <russell@coker.com.au>
- Re: Another pbuilder run finished
  - From: Peter Hawkins <peter@hawkins.emu.id.au>
- chroot wrapper? (Re: Another pbuilder run finished)
  - From: Adrian 'Dagurashibanipal' von Bidder <avbidder@fortytwo.ch>

Prev by Date: Re: POSIXLY_CORRECT and install scripts
Next by Date: Re: A birthday message and a RFS for Film Gimp 0.13-1
Previous by thread: Re: chroot wrapper? (Re: Another pbuilder run finished)
Next by thread: Re: Another pbuilder run finished
Index(es):
- Date
- Thread