chroot(2) security
apn
apn at nonvon.UUCP
Mon Sep 29 07:59:33 AEST 1986
In article <158 at itcatl.UUCP>, parris at itcatl.UUCP (Parris Hughes) writes:
> Could some wizard out there please clue me in as to why the chroot(2) call
> is only available to the super-user? I'm probably missing something here,
> but I don't see any potential security problems with it. Please E-mail your
> response. Thanks.
>
> Parris {akgua|ihnp4}!gatech!itcatl!parris
Let's do an experiment:
Pretend that chroot can be executed by any user, then
it follows that one could do the following:
cd to your home directory ( or any directory you have write permission)
(we will pretend it is /mnt33/user/test)
make a subdirectory called "etc" in you directory
(this is now /mnt33/user/test/etc)
copy /etc/passwd to /mt33/user/test/etc/passwd
edit out the passwd for root
write a program that changes the root directory to
/mnt23/user/test
and then procedes to exec /bin/login
run the program and log in as the su.
Get the idea ?
-alex p novickis
More information about the Comp.unix.wizards
mailing list