Re: how to check bind9 chroot

To: debian-security@lists.debian.org
Subject: Re: how to check bind9 chroot
From: Brian Brazil <bbrazil@netsoc.tcd.ie>
Date: Sat, 27 Mar 2004 23:32:09 +0000
Message-id: <[🔎] 20040327233208.GA25708@matrix.netsoc.tcd.ie>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <[🔎] E1B7JRI-0000iO-00@calista.eckenfels.6bone.ka-ip.net>
References: <[🔎] 20040327103252.GB6896@matrix.netsoc.tcd.ie> <[🔎] E1B7JRI-0000iO-00@calista.eckenfels.6bone.ka-ip.net>

On Sat, Mar 27, 2004 at 08:25:52PM +0100, Bernd Eckenfels wrote:
> In article <[🔎] 20040327103252.GB6896@matrix.netsoc.tcd.ie> you wrote:
> > Of course Linux chroot is broken. Found that out after doing chown -R 0.0
> > .. in a chroot while I was compiling LFS. (Was running SuSE 7.0 at the
> > time - 2.4.19).
> 
> Well linux chroot has a limited set of capabilties. Especially it does not
> protect you from root, because of the double-chroot issue. But I am not sure
> what your problem with chmod is, can you explain?

I assume you meant chown, not chmod but what I said holds.

mkdir /LFS
chroot /LFS	#Pretend there's a shell etc.
chown -R 0.0 * .* #There were some dotfiles

This resulted in my entire directory structure being owned by root -
which broke quite a bit of stuff. Came across a reference a few months
ago indicating this was the 'correct' behaviour for Linux.

Brian

Reply to:

Follow-Ups:
- Re: how to check bind9 chroot
  - From: Michael Stone <mstone@debian.org>

References:
- Re: how to check bind9 chroot
  - From: Brian Brazil <bbrazil@netsoc.tcd.ie>
- Re: how to check bind9 chroot
  - From: Bernd Eckenfels <ecki@calista.eckenfels.6bone.ka-ip.net>

Prev by Date: Debian, Super deals on CialT1is, 80 pecernt off!
Next by Date: Re: how to check bind9 chroot
Previous by thread: Re: how to check bind9 chroot
Next by thread: Re: how to check bind9 chroot
Index(es):
- Date
- Thread