Re: apt-get and The_User
::SNIP? SNIP!::
> > Use a library which intercepts open, chdir, stat, lstat etc. Load
> > that via LD_PRELOAD - it should be pretty easy. A 'true' chroot for
> > non-root is a _very_ bad idea.
> >
>
> Would you care please to be a bit more specific please?What kind of
> library would that be and why setting up a true chroot environment for
> user with it's own dpkg would be such a bad idea(I can see some problems
> with syncing the 2 dpkg databases and deciding what's for user and
> what's for system)?
I'd think that it was a bad idea because the user could run `chroot bash` and they have a root shell...also, the user could read root's mail or do other evil stuff: deleting more files than a normal user can; editing logs (if you don't use chattr); `apt-get -y --purge remove libc6`...or even `apt-get install {local,remote}_root_exploit` or something of that nature...)
--xsdg
--
____________________________________________________________________________
/ It is better to let one suspect that you are a fool than to open your mouth\
{ and leave them no doubt. http://xsdg.hypermart.net xsdg@softhome.net }
\____________________________________________________________________________/
Reply to: