
Re: Different roots for each process possible?



Roland McGrath <frob@debian.org> writes:

> > Why are root privileges needed for chroot?
> 
> There is no such requirement in the Hurd.

I see another possible security issue with this.

What about non-hurd-aware setuid/setgid programs which trust the
authenticity of their config file based on its location within the
filesystem?  I'm too lazy to research any particular program to see if
it would have this problem, but I can certainly imagine such problems.

For example, a setuid program mysudo might read a config file
/etc/mysudoers, telling it which users are allowed to become root.  If
it were hurd-aware and/or extra careful, it would check the owner of
the file, but since it isn't, it naively assumes that the file's
legitimate because it's in /etc.

Now I can do the following within my home directory:

  mkdir myroot
  cd myroot
  mkdir etc
  echo myname > etc/mysudoers
  ln /usr/bin/mysudo .
  cp /bin/sh .
  chroot .
  ./mysudo chown root.root ./sh
  ./mysudo chmod 4555 ./sh
  exit
  ./sh

and now I've got a root shell.  Am I missing something?

        Mark
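
The owner check that the message says a careful mysudo would make, as an added example (not part of the original message and not code from any real program). `open_trusted_config` is a hypothetical helper, and rejecting group- or world-writable files is an extra assumption beyond the owner check the post mentions.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdbool.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: accept a config file because of who owns it and who
 * can write to it, never because of where it sits in the filesystem.
 * Returns an open read-only descriptor, or -1 if the file is rejected. */
int open_trusted_config(const char *path, uid_t trusted_uid)
{
    struct stat st;

    /* O_NOFOLLOW: refuse a symlink planted as the final path component. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW);
    if (fd < 0)
        return -1;

    /* fstat() the descriptor that will be read, so the file checked is the
     * file used (no gap between a stat() and a later open()). */
    bool ok = fstat(fd, &st) == 0
        && S_ISREG(st.st_mode)                        /* regular file only */
        && st.st_uid == trusted_uid                   /* 0 for root */
        && (st.st_mode & (S_IWGRP | S_IWOTH)) == 0;   /* only owner may write */

    if (!ok) {
        close(fd);
        return -1;
    }
    return fd;
}

int main(void)
{
    /* /etc/mysudoers is the example path from the message above. Inside a
     * user-built root this file belongs to that user, so it is rejected. */
    int fd = open_trusted_config("/etc/mysudoers", 0);
    if (fd < 0)
        return EXIT_FAILURE;   /* fail closed: never parse an untrusted file */
    close(fd);
    return EXIT_SUCCESS;
}
```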


