Re: apt-get and The_User
Remco Blaakmeer <remco-blaakmeer@quicknet.nl> writes:
> In what way would chroot elevate privileges for a non-root user?
The standard example works something like this, supposing I can write
the directory "foo":
mkdir foo/{bin,etc}
ln /bin/su foo/bin/su
ln /bin/bash foo/bin/bash
ln /etc/halt foo/bin/halt
echo "root::0:0:root:/:/bin/bash" > foo/etc/passwd
chroot foo su -c halt
In other words, setuid programs very very frequently rely on the
authenticity of certain files they find with absolute pathnames, and
if chroot could defeat that, there would be a security hole, so when
BSD added chroot, they made sure it was restricted to root.
The Hurd takes a different tack out: anybody can do chroot, but a
setuid program always has a root directory of the real system root,
not the one inherited from the parent.
Thomas
Reply to: