Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!uwm.edu!ux1.cso.uiuc.edu!ux1.cso.uiuc.edu!uxc.cso.uiuc.edu!kailand!pwolfe
From: pwolfe@kailand.kai.com
Newsgroups: comp.sources.d
Subject: Re: Safer unsharing -- why chroot() *re
Message-ID: <2900009@kailand>
Date: 28 Oct 89 00:41:03 GMT
References: <89@
Lines: 37
Nf-ID: #R:

To break security with chroot():
>
> 3. While it's sleeping, in another shell, cd to that fake root
> directory. "ln /bin/su ./bin/su" to install su in the fake /bin
> directory. Also, "cat ~/xyz ./etc/passwd" to install a fake
> /etc/passwd file, one whose root password you know.
>
> Dale drw@math.mit.edu

To reinforce security with chroot, place the same protections in the
chroot file system that you would in the real file system. System files
are owned and writable only by root. Your method of breaking chroot works
only if someone has an account in both the real and chroot file systems,
and can copy files between the two. If users have access to the root
account or password file in the chroot filesystem, then, yes, they can
gain access to the root (or any other) account in the real filesystem.

I have built a "chroot" file system that I would defy you to break out
of. We use it to provide guest accounts (for email and games) to
employees' family members. Nobody who has an account in this file system
has an account in the real one, and vice versa. It is a partial clone of
the real file system (/dev, /etc, /usr, /bin), containing only the files
and programs that are necessary for its operation. It resides in its own
7 Mb partition, so guests can't fill up any real user partitions.

The person you responded to only wanted to make sure the shar that comes
from offsite doesn't do anything destructive. I think using chroot is
going a little overboard. One safer (and easier) method would be to write
a program to interpret the shar file, executing only commands you deem
necessary (if, wc, cat, sed, etc). Shouldn't be too hard, in fact aren't
such things already available?

Patrick Wolfe (pat@kai.com, kailand!pat)
System Manager, Kuck & Associates, Inc.
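
The rule stated in the reply above, that files in the chroot tree be owned and writable only by root, can be checked mechanically. The audit below is an added example, not part of the original post; the function names, the constructed sample tree and the hard-link heuristic for setuid files are assumptions of this example.

```python
import os
import stat

def audit_chroot(root, owner_uid=0):
    """Return sorted (relative_path, problem) findings for a chroot tree."""
    paths = [root]
    for dirpath, dirnames, filenames in os.walk(root):
        paths += [os.path.join(dirpath, n) for n in dirnames + filenames]
    findings = []
    for path in paths:
        st = os.lstat(path)  # lstat: never follow a symlink out of the tree
        mode = st.st_mode
        if stat.S_ISLNK(mode):
            continue  # a symlink's own mode bits carry no meaning
        rel = os.path.relpath(path, root)
        if st.st_uid != owner_uid:
            findings.append((rel, "not owned by uid %d" % owner_uid))
        # Only regular files and non-sticky directories are checked for write
        # bits; device nodes such as /dev/null are writable by design.
        checked = stat.S_ISREG(mode) or (stat.S_ISDIR(mode) and not (mode & stat.S_ISVTX))
        if checked and mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append((rel, "group/world-writable"))
        if stat.S_ISREG(mode) and mode & (stat.S_ISUID | stat.S_ISGID):
            findings.append((rel, "setuid/setgid"))
            if st.st_nlink > 1:  # the same inode has another name somewhere
                findings.append((rel, "setuid/setgid with extra hard link"))
    return sorted(findings)

def build_sample(root, outside):
    """Constructed sample tree showing the two weaknesses from the quoted step."""
    for d in (root, os.path.join(root, "bin"), os.path.join(root, "etc")):
        os.makedirs(d, exist_ok=True)
        os.chmod(d, 0o755)
    with open(outside, "w") as f:  # stand-in for a setuid binary outside the tree
        f.write("placeholder\n")
    os.chmod(outside, 0o4755)
    os.link(outside, os.path.join(root, "bin", "su"))
    passwd = os.path.join(root, "etc", "passwd")
    with open(passwd, "w") as f:
        f.write("root:x:0:0::/:/bin/sh\n")
    os.chmod(passwd, 0o666)

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        jail = os.path.join(tmp, "jail")
        build_sample(jail, os.path.join(tmp, "outside_su"))
        for rel, problem in audit_chroot(jail, owner_uid=os.getuid()):
            print(rel, "-", problem)
```

On a real chroot tree, run it as root with the default owner_uid=0; the demo audits against the invoking uid only because the constructed sample is owned by whoever runs it.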