chroot(2) security
Larry Campbell
campbell at maynard.UUCP
Sun Oct 5 00:45:55 AEST 1986
In article <1669 at bucsd.bu-cs.BU.EDU> jdh at bucsd.UUCP (Jason Heirtzler) writes:
>Modifying the executable image of su(1) isn't necessary to create
>a loop hole. An unscrupulous user that could use chroot could put HIS
>copy of /etc/passwd in /mnt23/user/test/etc/passwd, and also make a
>hard link from /mnt23/user/test/bin/login to /bin/login; then execve(2)
>(the calling process would inherit the process's root directory)
>to (the link of) the login program...
>The point of all of this being that the fundamental reason chroot(2)
>can't be patched to allow everyone to use it is that hard links
>(though not soft links) are the real cause of the security loop
>hole with chroot.
This only works if /bin and /mnt23/user/test/bin are on the same
filesystem. Most of the systems I know put user files and /bin on
different filesystems. It seems to me that if /mnt23, say, is on
a filesystem on which no suid programs exist, you're safe.
--
Larry Campbell The Boston Software Works, Inc.
ARPA: campbell%maynard.uucp at harvard.ARPA 120 Fulton Street, Boston MA 02109
UUCP: {alliant,wjh12}!maynard!campbell (617) 367-6846
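The criterion in the reply above (a hard link can only be made within one filesystem, so a chroot target is only exposed to the login-link trick if it shares a filesystem with a set-id program) can be checked mechanically. The following is an added example, not code from the original post or from any system it discusses: it compares `st_dev` of the candidate jail against the directories that hold privileged programs, and lists any setuid/setgid files that a link made inside the jail could reach. The directory names, the `demo()` helper and the sample tree it builds in a temporary directory are constructed for illustration.

```python
import os
import shutil
import stat
import tempfile

SETID_BITS = stat.S_ISUID | stat.S_ISGID


def shares_filesystem(path_a, path_b):
    """True when both paths are on the same filesystem (same st_dev).
    link(2) refuses to cross filesystems (EXDEV), so this is the
    precondition for hard-linking a set-id program into a chroot tree."""
    return os.stat(path_a).st_dev == os.stat(path_b).st_dev


def find_setid_files(root):
    """Return regular files under `root` carrying the setuid or setgid bit.
    Symlinks are not followed and other filesystems are not entered."""
    root_dev = os.lstat(root).st_dev
    found = []
    for dirpath, dirnames, filenames in os.walk(root):
        # prune mount points so only root's own filesystem is inspected
        dirnames[:] = [d for d in dirnames
                       if os.lstat(os.path.join(dirpath, d)).st_dev == root_dev]
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISREG(st.st_mode) and st.st_mode & SETID_BITS:
                found.append(path)
    return sorted(found)


def chroot_risk_report(target, setid_dirs):
    """Apply the post's criterion: list every set-id program that a hard link
    created inside `target` could reach.  `setid_dirs` are the directories
    where privileged programs normally live (e.g. /bin, /usr/bin).
    An empty list means no set-id binary is link-reachable from the jail."""
    findings = []
    # set-id files already inside the jail need no link at all
    for path in find_setid_files(target):
        findings.append(f"set-id file already inside jail: {path}")
    for d in setid_dirs:
        if not os.path.isdir(d) or not shares_filesystem(target, d):
            continue  # different filesystem: a link cannot be made
        for path in find_setid_files(d):
            findings.append(f"link-reachable set-id program: {path}")
    return findings


def build_demo_layout(base):
    """Constructed sample tree (hypothetical, not from the post): a `bin`
    directory holding a set-id `login`, and a `jail` with its own etc/passwd.
    Both live on one filesystem, the situation the reply warns about."""
    bin_dir = os.path.join(base, "bin")
    jail = os.path.join(base, "jail")
    os.makedirs(bin_dir)
    os.makedirs(os.path.join(jail, "etc"))
    login = os.path.join(bin_dir, "login")
    with open(login, "w") as f:
        f.write("#!/bin/sh\necho stand-in for a set-id login program\n")
    os.chmod(login, 0o4755)  # an owner may set S_ISUID on their own file
    with open(os.path.join(jail, "etc", "passwd"), "w") as f:
        f.write("root:x:0:0:constructed sample entry:/:/bin/sh\n")
    return jail, bin_dir


def demo():
    """Build the constructed layout in a temp dir, evaluate it, and return the
    verdicts so a caller can inspect them."""
    base = tempfile.mkdtemp(prefix="chroot-demo-")
    try:
        jail, bin_dir = build_demo_layout(base)
        clean = os.path.join(base, "clean")  # a neighbour with no set-id files
        os.makedirs(clean)
        return {
            "same_fs": shares_filesystem(jail, bin_dir),
            "setid_in_bin": [os.path.relpath(p, base) for p in find_setid_files(bin_dir)],
            "risky": chroot_risk_report(jail, [bin_dir]),
            "clean": chroot_risk_report(jail, [clean]),
        }
    finally:
        shutil.rmtree(base)


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Run against a real host, `chroot_risk_report("/mnt23/user/test", ["/bin", "/usr/bin", "/sbin", "/usr/sbin"])` expresses exactly the "different filesystems" test the reply proposes; an empty report corresponds to the safe case, a non-empty one to the shared-filesystem case. On modern Linux the same hazard is also closed at the kernel level by the `fs.protected_hardlinks` sysctl (which refuses links to files the caller does not own) and by mounting user-writable filesystems `nosuid`; both are worth verifying alongside this layout check.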