chroot(2) security
Stuart D. Gathman
stuart at BMS-AT.UUCP
Thu Oct 2 10:05:42 AEST 1986
In article <113 at nonvon.UUCP>, apn at nonvon.UUCP (apn) writes:
> write a program that changes the root directory to /mnt23/user/test
> and then procedes to exec /bin/login
On our system, login only has execute permission for root.
But, one can link in the 'su' command! Even if the /bin directory is
execute only! The resulting superuser process could then *modify* the
su program to allow a special root password after leaving the chroot process.
(Otherwise, even the root process could not access anything below the new
root directory.)
I believe that 'su' is the only problem. Take away 'su' and you can give
them 'chroot'. ('newgrp' is similar but not as bad.)
--
Stuart D. Gathman <..!seismo!{vrdxhq|dgis}!BMS-AT!stuart>
More information about the Comp.unix.wizards
mailing list