Re: chroot wrapper? (Re: Another pbuilder run finished)
On Thu, 2 Jan 2003 18:05, Adrian 'Dagurashibanipal' von Bidder wrote:
> Is there any reason (beyond Unix history), why chroot is root-only? Can
> anything bad happen at all?

On a typical Unix setup you can escape from a chroot environment via another
chroot. So making it root-only means that a non-root process in a chroot
environment is trapped.

Of course there are other solutions to this (grsec and selinux).

> A suid version of chroot would perhaps be interesting (of course, the
> command given to chroot would be executed by the normal user)

One thing I'm working on is a SUID root program to chroot and run a chroot as
root (with SE Linux to control it so that it can't do any harm).

http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
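
The variant raised in the quoted question, where the wrapper chroots and then runs the command as the normal user so the process stays trapped, as an added C example (not part of the original message and not the author's program). The helper `jail_and_drop` and the `JAIL_*` codes are hypothetical names; it assumes a Linux/glibc system and a wrapper started with root privileges.

```c
/* Added example: chroot, then give up root for good before exec. */
#define _DEFAULT_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

enum { JAIL_OK = 0, JAIL_REFUSED = -1, JAIL_CHROOT = -2,
       JAIL_DROP = -3, JAIL_REGAIN = -4 };

/* Hypothetical helper: confine the caller to `dir` and switch permanently
 * to uid/gid. Returns JAIL_OK or a negative JAIL_* code. */
int jail_and_drop(const char *dir, uid_t uid, gid_t gid)
{
    /* Staying uid 0 inside the jail defeats it: root may chroot again. */
    if (dir == NULL || uid == 0 || gid == 0)
        return JAIL_REFUSED;
    /* chroot() leaves the working directory alone, so chdir("/") afterwards;
     * otherwise cwd still refers to a directory outside the new root. */
    if (chroot(dir) != 0 || chdir("/") != 0)
        return JAIL_CHROOT;
    /* Order matters: supplementary groups, then gid, then uid. After the
     * uid is dropped the process may no longer change the other two. */
    if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return JAIL_DROP;
    /* Confirm the drop is irreversible before running anything. */
    if (setuid(0) == 0 || seteuid(0) == 0 || getuid() != uid || geteuid() != uid)
        return JAIL_REGAIN;
    return JAIL_OK;
}

int main(int argc, char **argv)
{
    if (argc < 3) {
        fprintf(stderr, "usage: %s <jail-dir> <command> [args...]\n", argv[0]);
        return 2;
    }
    /* In a SUID-root binary getuid()/getgid() are the invoking user's ids. */
    int rc = jail_and_drop(argv[1], getuid(), getgid());
    if (rc != JAIL_OK) {
        fprintf(stderr, "jail setup failed (%d), errno %d\n", rc, errno);
        return 1;
    }
    execv(argv[2], &argv[2]); /* command path is resolved inside the jail */
    perror("execv");
    return 127;
}
```

File descriptors for directories opened before the `chroot()` call stay usable afterwards, so a real wrapper should also close everything it does not need before `execv()`.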