Protecting against downloads
Leslie Mikesell
les at chinet.chi.il.us
Fri Sep 28 04:32:58 AEST 1990
In article <1990Sep24.153529.8627 at naitc.naitc.com> karl at bbs.naitc.com (Karl Denninger) writes:
[re: linked files into chroot area]
>Because if the user gets root in the subshell, he can then modify the "read
>only" files and possibly gain access to the main system area. The most
>graphic example of this is if you are foolish enough to link /etc/passwd
>(and /etc/shadow for those systems who use it) into the chrooted area. That
>is as good as not having the chroot in there at all! Anyone who gets root
>in the chrooted area now can change the password file in the MAIN system
>area, and thus break in with ease.
I don't have any doubts about the power of root, but is there any reason
to think that someone put into a chroot area where there are no suid
programs can become root by any means?
Les Mikesell
les at chinet.chi.il.us
More information about the Comp.unix.sysv386
mailing list