Re: apt-get and The_User
Ethan Benson <erbenson@alaska.net> writes:
> On Sat, Dec 02, 2000 at 10:37:41PM -0800, Thomas Bushnell, BSG wrote:
> >
> > I'm a little confused about your example; maybe I've misunderstood it,
> > but I think you're incorrect.
> >
> > Any program which is chrooting into a jail must also make sure there
> > are no open file descriptors to things that might let the user out;
> > notably, if the system has an fchdir syscall.
>
> yes but the chroot() syscall does none of these checks, correct? I am
> simply stating why the chroot() call is privileged and only root may
> use it.
I still don't understand your example; I found it very unclear, so I
might be operating under a misunderstanding.
> a completely separate issue is whether it's possible to make a setuid
> root program to allow users to chroot safely. I am only arguing that
> changing the kernel to allow any user to use chroot() would end up
> making chroot() useless for security purposes.
I don't think this is true at all. Suppose a good careful program
chroots a user into a special environment. It's a good, careful
program: it leaves no extra file descriptors hanging around, and it
has designed the chrooted playground carefully. How can such a user
escape from the environment if we let them chroot?
Thomas
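The "good, careful program" Thomas describes, as an added example that is not from the thread: it closes stray descriptors (so nothing usable with fchdir survives), chdirs into the jail before and after chroot(), and drops privileges before handing control to the user. The jail path and the uid/gid 65534 are placeholders supplied by the caller; the jail is assumed to be populated already, and the program must start as root for chroot() to succeed.

```c
/* Added illustration, not code from the thread. Assumes JAILDIR is already
 * populated; must run as root for chroot() and setuid() to succeed. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Close every descriptor >= first so no directory fd from outside the
 * jail (the fchdir escape mentioned in the thread) survives the chroot. */
int close_from(int first) {
    long maxfd = sysconf(_SC_OPEN_MAX);
    if (maxfd < 0) maxfd = 1024;
    for (long fd = first; fd < maxfd; fd++)
        close((int)fd);
    return 0;
}

/* Returns 1 if fd refers to an open descriptor, 0 otherwise. */
int fd_is_open(int fd) {
    return fcntl(fd, F_GETFD) != -1;
}

/* Enter the jail: chdir into it, close stray fds, chroot, chdir("/") so the
 * working directory is inside the new root, then drop privileges and check
 * they cannot be regained. Returns 0 on success, -1 with errno set. */
int enter_jail(const char *jail, uid_t uid, gid_t gid) {
    if (chdir(jail) == -1) return -1;
    close_from(3);
    if (chroot(jail) == -1) return -1;
    if (chdir("/") == -1) return -1;           /* cwd must not stay outside */
    if (setgroups(0, NULL) == -1) return -1;   /* drop supplementary groups */
    if (setgid(gid) == -1 || setuid(uid) == -1) return -1;
    /* If root can be reacquired, the jail is not a jail. */
    if (setuid(0) == 0) { errno = EPERM; return -1; }
    return 0;
}

int main(int argc, char **argv) {
    if (argc < 2) { fprintf(stderr, "usage: %s JAILDIR\n", argv[0]); return 2; }
    /* 65534 is a placeholder unprivileged uid/gid (often "nobody"). */
    if (enter_jail(argv[1], 65534, 65534) == -1) {
        fprintf(stderr, "enter_jail: %s\n", strerror(errno));
        return 1;
    }
    printf("inside %s as uid %d\n", argv[1], (int)getuid());
    return 0;
}
```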