Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!watmath!clyde!cbatt!ihnp4!qantel!ptsfa!nonvon!apn
From: apn@nonvon.UUCP (apn)
Newsgroups: net.unix-wizards
Subject: Re: chroot(2) security
Message-ID: <113@nonvon.UUCP>
Date: Sun, 28-Sep-86 17:59:33 EDT
Article-I.D.: nonvon.113
Posted: Sun Sep 28 17:59:33 1986
Date-Received: Tue, 30-Sep-86 08:34:19 EDT
References: <158@itcatl.UUCP>
Organization: Nonvon Systems Computer Research Group
Lines: 34
Summary: chroot only for su

In article <158@itcatl.UUCP>, parris@itcatl.UUCP (Parris Hughes) writes:
> Could some wizard out there please clue me in as to why the chroot(2) call
> is only available to the super-user? I'm probably missing something here,
> but I don't see any potential security problems with it. Please E-mail your
> response. Thanks.
>
> Parris {akgua|ihnp4}!gatech!itcatl!parris

Let's do an experiment:

Pretend that chroot can be executed by any user, then it follows
that one could do the following:

	cd to your home directory (or any directory you have write permission)
	(we will pretend it is /mnt33/user/test)

	make a subdirectory called "etc" in your directory
	(this is now /mnt33/user/test/etc)

	copy /etc/passwd to /mnt33/user/test/etc/passwd

	edit out the passwd for root

	write a program that changes the root directory to /mnt33/user/test
	and then proceeds to exec /bin/login

	run the program and log in as the su.

Get the idea?

-alex p novickis
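
The restriction discussed in this post can be observed directly. The following C program is an added example, not part of the original article: it attempts chroot(2) in a child process without super-user privilege and reports the errno the kernel returns (EPERM is expected). The uid/gid 65534 for "nobody" and the use of /tmp as a stand-in for the user-writable directory are assumptions.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define UNPRIV_ID 65534   /* assumption: conventional "nobody" uid/gid */
#define CHECK_FAILED (-1) /* could not fork or could not drop privileges */

/* Report what chroot(dir) does for an unprivileged caller: 0 if it
 * succeeded, otherwise the errno it set, or CHECK_FAILED. The attempt
 * runs in a child so the calling process is never re-rooted. */
int chroot_errno_unprivileged(const char *dir)
{
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return CHECK_FAILED;
    if (pid == 0) {
        /* Started as root: give up groups, gid and uid first. */
        if (geteuid() == 0 &&
            (setgroups(0, NULL) != 0 || setgid(UNPRIV_ID) != 0 ||
             setuid(UNPRIV_ID) != 0))
            _exit(255);
        if (chroot(dir) == 0)
            _exit(0);
        _exit(errno < 255 ? errno : 254);
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return CHECK_FAILED;
    return WEXITSTATUS(status) == 255 ? CHECK_FAILED : WEXITSTATUS(status);
}

int main(void)
{
    /* /tmp stands in for the user-writable directory in the post. */
    int e = chroot_errno_unprivileged("/tmp");

    if (e == CHECK_FAILED)
        puts("could not run the check");
    else if (e == 0)
        puts("chroot succeeded: caller still had the privilege");
    else
        printf("chroot(\"/tmp\") refused: %s\n", strerror(e));
    return 0;
}
```

A privileged program that does use chroot(2) should follow it with chdir("/") and drop its privileges before running anything from the new tree.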