[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: apt-get and The_User

::SNIP? SNIP!::
> > Use a library which intercepts open, chdir, stat, lstat etc.  Load
> > that via LD_PRELOAD - it should be pretty easy.  A 'true' chroot for
> > non-root is a _very_ bad idea.
> > 
> 
> Would you care please to be a bit more specific please?What kind of
> library would that be and why setting up a true chroot environment for
> user with it's own dpkg would be such a bad idea(I can see some problems
> with syncing the 2 dpkg databases and deciding what's for user and
> what's for system)?
I'd think that it was a bad idea because the user could run `chroot bash` and they have a root shell...also, the user could read root's mail or do other evil stuff: deleting more files than a normal user can; editing logs (if you don't use chattr); `apt-get -y --purge remove libc6`...or even `apt-get install {local,remote}_root_exploit` or something of that nature...) 
	--xsdg

-- 
  ____________________________________________________________________________
 / It is better to let one suspect that you are a fool than to open your mouth\
{    and leave them no doubt.    http://xsdg.hypermart.net  xsdg@softhome.net  }
 \____________________________________________________________________________/
Reply to: