[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: apt-get and The_User

Remco Blaakmeer <remco-blaakmeer@quicknet.nl> writes:

> In what way would chroot elevate privileges for a non-root user?

The standard example works something like this, supposing I can write
the directory "foo":

mkdir foo/{bin,etc}
ln /bin/su foo/bin/su
ln /bin/bash foo/bin/bash
ln /etc/halt foo/bin/halt
echo "root::0:0:root:/:/bin/bash" > foo/etc/passwd
chroot foo su -c halt

In other words, setuid programs very very frequently rely on the
authenticity of certain files they find with absolute pathnames, and
if chroot could defeat that, there would be a security hole, so when
BSD added chroot, they made sure it was restricted to root.

The Hurd takes a different tack out: anybody can do chroot, but a
setuid program always has a root directory of the real system root,
not the one inherited from the parent.


Reply to: