Xref: utzoo alt.security:1629 alt.bbs:3046 comp.unix.sysv386:782
Path: utzoo!utgpu!cs.utexas.edu!sun-barr!olivea!orc!inews!iwarp.intel.com!gargoyle!chinet!les
From: les@chinet.chi.il.us (Leslie Mikesell)
Newsgroups: alt.security,alt.bbs,comp.unix.sysv386
Subject: Re: Protecting against downloads
Message-ID: <1990Sep27.183258.86@chinet.chi.il.us>
Date: 27 Sep 90 18:32:58 GMT
References: <1990Sep20.153105.28394@naitc.naitc.com> <1990Sep22.024446.3305@chinet.chi.il.us> <1990Sep24.153529.8627@naitc.naitc.com>
Organization: Chinet - Chicago Public Access UNIX
Lines: 17

In article <1990Sep24.153529.8627@naitc.naitc.com> karl@bbs.naitc.com (Karl Denninger) writes:
[re: linked files into chroot area]
>Because if the user gets root in the subshell, he can then modify the "read
>only" files and possibly gain access to the main system area.  The most
>graphic example of this is if you are foolish enough to link /etc/passwd
>(and /etc/shadow for those systems who use it) into the chrooted area.  That
>is as good as not having the chroot in there at all!  Anyone who gets root
>in the chrooted area now can change the password file in the MAIN system
>area, and thus break in with ease.


I don't have any doubts about the power of root, but is there any reason
to think that someone put into a chroot area  where there are no suid
programs can become root by any means?

Les Mikesell
  les@chinet.chi.il.us