Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!seismo!ll-xn!nike!ucbcad!ucbvax!brahms!ballou
From: ballou@brahms.BERKELEY.EDU (Kenneth R. Ballou)
Newsgroups: net.unix-wizards
Subject: Re: chroot(2) security
Message-ID: <15879@ucbvax.BERKELEY.EDU>
Date: Wed, 1-Oct-86 06:36:46 EDT
Article-I.D.: ucbvax.15879
Posted: Wed Oct 1 06:36:46 1986
Date-Received: Fri, 3-Oct-86 00:38:48 EDT
References: <158@itcatl.UUCP> <113@nonvon.UUCP>
Sender: usenet@ucbvax.BERKELEY.EDU
Reply-To: ballou@brahms.UUCP (Kenneth R. Ballou)
Organization: University of California, Berkeley
Lines: 43

In article <113@nonvon.UUCP> apn@nonvon.UUCP (apn) writes:
>In article <158@itcatl.UUCP>, parris@itcatl.UUCP (Parris Hughes) writes:
>> Could some wizard out there please clue me in as to why the chroot(2) call
>> is only available to the super-user? I'm probably missing something here,
>> but I don't see any potential security problems with it. Please E-mail your
>> response. Thanks.
>>
>> Parris {akgua|ihnp4}!gatech!itcatl!parris
>
> Let's do an experiment:
>
> Pretend that chroot can be executed by any user, then
> it follows that one could do the following:
>
> cd to your home directory ( or any directory you have write permission)
> (we will pretend it is /mnt33/user/test)
>
> make a subdirectory called "etc" in your directory
> (this is now /mnt33/user/test/etc)
>
> copy /etc/passwd to /mt33/user/test/etc/passwd
>
> edit out the passwd for root
>
> write a program that changes the root directory to
> /mnt23/user/test
> and then proceeds to exec /bin/login

Wait a minute, now it's *my* turn to be missing something here. *Which*
/bin/login? If the root directory is now actually /mnt23/user/test, then
presumably we would be trying to execute /mnt23/user/test/bin/login, not
the /bin/login that is setuid root and which is able to log a user in.

> run the program and log in as the su.

> -alex p novickis

--------------
Kenneth R. Ballou			...!ucbvax!ucbbrahms!ballou
Dept. of Mathematics
Evans Hall
University of California
Berkeley, California  94720
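
The lookup question raised in the reply above can be checked on a live system. The following is an added example, not part of the original posts: it calls chroot(2) in a child process and then looks up /bin/login, reporting either the refusal or where the lookup landed. The helper name `lookup_after_chroot` and the temporary directory standing in for /mnt23/user/test are assumptions.

```c
/* Where does an absolute path resolve after chroot(2)? */
#define _DEFAULT_SOURCE            /* expose chroot() and mkdtemp() on glibc */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper: in a child process, chroot() to newroot, then stat() path.
 * Returns 0 if path exists under the new root, a positive errno if the lookup
 * failed, or a negative errno if chroot() (or the setup) was refused. */
int lookup_after_chroot(const char *newroot, const char *path)
{
    int pfd[2], result = -EIO;
    if (pipe(pfd) < 0) return -errno;
    pid_t pid = fork();
    if (pid < 0) { result = -errno; close(pfd[0]); close(pfd[1]); return result; }
    if (pid == 0) {                      /* child: only its own root changes */
        struct stat st;
        if (chroot(newroot) < 0 || chdir("/") < 0)
            result = -errno;             /* EPERM for an ordinary user */
        else if (stat(path, &st) < 0)
            result = errno;              /* looked up under newroot, not the real / */
        else
            result = 0;
        _exit(write(pfd[1], &result, sizeof result) == (ssize_t)sizeof result ? 0 : 1);
    }
    close(pfd[1]);
    if (read(pfd[0], &result, sizeof result) != (ssize_t)sizeof result)
        result = -EIO;
    close(pfd[0]);
    waitpid(pid, NULL, 0);
    return result;
}

int main(void)
{
    char dir[] = "/tmp/chroot-demo-XXXXXX";  /* constructed stand-in for /mnt23/user/test */
    if (!mkdtemp(dir)) { perror("mkdtemp"); return 1; }
    int r = lookup_after_chroot(dir, "/bin/login");
    if (r < 0)
        printf("chroot refused: %s\n", strerror(-r));
    else
        printf("/bin/login under %s: %s\n", dir, r ? strerror(r) : "found");
    rmdir(dir);
    return 0;
}
```

Run as an ordinary user, the call is refused with EPERM; run as root, the lookup fails with ENOENT because the new root contains no bin/login of its own.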