Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.1 7/7/83; site rlgvax.UUCP
Path: utzoo!linus!philabs!seismo!rlgvax!guy
From: guy@rlgvax.UUCP
Newsgroups: net.unix-wizards
Subject: Re: Security
Message-ID: <807@rlgvax.UUCP>
Date: Sun, 10-Jul-83 15:00:23 EDT
Article-I.D.: rlgvax.807
Posted: Sun Jul 10 15:00:23 1983
Date-Received: Mon, 11-Jul-83 10:35:38 EDT
References: <2825@sri-arpa.UUCP>
Organization: CCI Office Systems Group, Reston, VA
Lines: 26

1) Anybody out there know *why* the 4.1BSD manuals don't document "chroot"?
The V7 manual does, and the System III and System V manuals do.

2) On a vanilla V7 system "chroot" is *not* secure. You can reference above
your fake root with "..". This bug has been fixed in 4.1BSD and in System III
and later USG releases. In fact, there is an undocumented feature of the
System III "login"; if the user's login shell begins with "*" (or is "*"),
"login" changes the root to the home directory specified in the password file,
prints "Subsystem root: ", and attempts to run "/etc/login" and, if that fails,
"/bin/login" from the new root. The System V login does all this (which
implies it wasn't just a hack) and also sticks the string in the environment
(that's right, a string in the environment with no "=" in it!). My
interpretation of this is that you put an entry for the *subsystem*, not for
the *user*, in the password file (i.e., if you had a subsystem called
"anonymous", you would have:

	anonymous:::::/anonymous:*

in the password file. Then you would put the password file for the anonymous
user subsystem in "/anonymous/etc/passwd", and either a copy of/link to
"/etc/login" or a special login program in "/anonymous/etc/login". Is this how
it is intended to be used? And why is it not documented in the System III or
System V documentation?

	Guy Harris
	{seismo,mcnc,we13,brl-bmd,allegra}!rlgvax!guy
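
An added example, not part of the original post and not code from any login implementation: a small audit routine that flags password-file entries whose shell field begins with "*" and reports which login program ("/etc/login", then "/bin/login") is present under the subsystem root. The names parse_subsystem and struct subsys are hypothetical, and the sample line in main() is constructed from the entry shown in the post.

```c
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

struct subsys {
    char root[256];   /* home field: the directory login would make the root */
    int  root_is_dir; /* 1 if that directory exists on this host */
    char login[300];  /* login program found under the root, or "" */
};

/* 1 = subsystem entry (shell begins with "*"), 0 = ordinary, -1 = malformed. */
int parse_subsystem(const char *line, struct subsys *out)
{
    /* Search order described in the post, relative to the new root. */
    static const char *cand[] = { "/etc/login", "/bin/login" };
    char buf[512], path[300], *field[7], *p = buf;
    struct stat st;
    int n = 0, i;
    snprintf(buf, sizeof buf, "%s", line);
    buf[strcspn(buf, "\n")] = '\0';
    /* Split by hand: strtok() would merge the empty fields. */
    field[n++] = p;
    while (n < 7 && (p = strchr(p, ':')) != NULL) {
        *p++ = '\0';
        field[n++] = p;
    }
    if (n != 7)
        return -1;
    if (field[6][0] != '*')
        return 0;
    snprintf(out->root, sizeof out->root, "%s", field[5]);
    out->root_is_dir = stat(out->root, &st) == 0 && S_ISDIR(st.st_mode);
    out->login[0] = '\0';
    for (i = 0; i < 2 && out->login[0] == '\0'; i++) {
        snprintf(path, sizeof path, "%s%s", out->root, cand[i]);
        if (access(path, X_OK) == 0)
            snprintf(out->login, sizeof out->login, "%s", path);
    }
    return 1;
}

int main(void)
{
    struct subsys s;  /* constructed line: the entry shown in the post */
    if (parse_subsystem("anonymous:::::/anonymous:*", &s) == 1)
        printf("root=%s dir=%d login=%s\n", s.root, s.root_is_dir, s.login);
    return 0;
}
```

A flagged entry with an empty login result means the subsystem root has neither program in place.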