Xref: utzoo news.admin:4308 news.sysadmin:1950 comp.mail.uucp:2533
Path: utzoo!utgpu!attcan!uunet!mcvax!enea!dkuug!ambush!steenkl
From: steenkl@ambush.UUCP (Steen Koefoed Larsen)
Newsgroups: news.admin,news.sysadmin,comp.mail.uucp
Subject: Re: chroot (was: Re: Dangerous hole in Usenet!
Keywords: maps unpacking unshar security hole
Message-ID: <891@ambush.UUCP>
Date: 13 Dec 88 10:45:37 GMT
References: <1971@van-bc.UUCP> <572@comdesign.CDI.COM> <5517@medusa.cs.purdue.edu> <561@redsox.UUCP> <215@twwells.uucp> <155@ecicrl.UUCP> <1988Nov29.181037.23528@utzoo.uucp> <157@ecicrl.UUCP> <18639@shemp.CS.UCLA.EDU>
Organization: AmbraSoft A/S (Denmark)
Lines: 47

michael@maui.cs.ucla.edu (michael gersten) writes:
>In article <157@ecicrl.UUCP> clewis@ecicrl.UUCP (Chris Lewis) writes:
>>In article <1988Nov29.181037.23528@utzoo.uucp> henry@utzoo.uucp (Henry Spencer) writes:
>>>In article <155@ecicrl.UUCP> clewis@ecicrl.UUCP (Chris Lewis) writes:
>>>>Secondly, can someone out there explain why chroot is privileged? ...
>>>>... It seems pretty darn silly that some
>>>>mechanism that can only be used for *reducing* access rights requires
>>>>root permission...
>>>
>>>because it gives absolute control over the file system, and some parts
>>>of the file system are vital to the protection system. For example,
>>>login assumes that the file it finds when it opens "/etc/passwd" is the
>>>system password file.

>This doesn't work, though.
>Let's say I put a dummy passwd in mydir/etc.
>And I do a "exec chroot mydir login".
>I then login as root.
>BUT: I'm in mydir, and I can't get out.

>Remember: chroot is an absolute limit on directories, i.e.,
>my / == mydir,
>my /../../.. == mydir.

>Or are you running V7 which did not have that last bit in there?
>(Sys5, and I think sys3, did have that corrected limit on chroot).

I would not like to have a root user with a chroot'ed filesystem playing
around on my machine.
What would happen if this user were able to place the kill or the mknod
command in his filesystem? He could also make a setuid sh in the limited
filesystem and execute this from a normal login. etc. etc.
(This is a long long long list)

I really like the fact that chroot is privileged!
-- 
Steen Koefoed Larsen, AmbraSoft A/S, Development Dept.,
Roejelskaer 15, DK-2840 Holte, Denmark.
Tel: (+45) 2 807522  Fax: (+45) 2 423090
EUnet: steenkl@ambush.dk or !{uunet, mcvax}!dkuug!ambush!steenkl
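
Added example, not part of the original post: a Python audit that walks a directory tree intended as a chroot root and reports the two hazards named in the reply above, device nodes (what mknod creates) and setuid/setgid executables. The function names and the constructed sample tree are assumptions made for illustration.

```python
import os
import stat
import tempfile

def classify(mode):
    """Map one st_mode value to the chroot hazards it represents."""
    hazards = []
    if stat.S_ISCHR(mode) or stat.S_ISBLK(mode):
        hazards.append("device-node")          # what mknod creates
    if stat.S_ISREG(mode) and mode & 0o111:    # executable regular file
        if mode & stat.S_ISUID:
            hazards.append("setuid-executable")
        if mode & stat.S_ISGID:
            hazards.append("setgid-executable")
    return hazards

def audit_tree(root):
    """Walk root without following symlinks; return sorted (path, hazard, owner_uid)."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)            # lstat: judge the entry itself
            except OSError:
                continue                       # entry vanished or unreadable
            for hazard in classify(st.st_mode):
                findings.append((os.path.relpath(path, root), hazard, st.st_uid))
    return sorted(findings)

def demo():
    """Build a constructed sample tree (hypothetical layout) and audit it."""
    with tempfile.TemporaryDirectory() as root:
        for d in ("bin", "etc"):
            os.mkdir(os.path.join(root, d))
        sh = os.path.join(root, "bin", "sh")
        passwd = os.path.join(root, "etc", "passwd")
        for path in (sh, passwd):
            with open(path, "w") as f:
                f.write("constructed sample\n")
        os.chmod(sh, 0o4755)                   # setuid bit on the sample shell
        os.chmod(passwd, 0o644)
        return audit_tree(root)

if __name__ == "__main__":
    for path, hazard, uid in demo():
        print(f"{hazard:18} uid={uid:<6} {path}")
```

Creating a real device node needs privilege, so the sample tree only contains a setuid file; classify() handles device nodes from their mode bits alone.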