Xref: utzoo news.admin:4376 news.sysadmin:2011 comp.mail.uucp:2544
Path: utzoo!utgpu!jarvis.csri.toronto.edu!me!radio.astro!utmanitou!lsuc!attcan!uunet!lll-winken!lll-tis!ames!nrl-cmf!ukma!rutgers!att!alberta!ubc-cs!van-bc!rsoft!frank
From: frank@rsoft.UUCP (Frank I. Reiter)
Newsgroups: news.admin,news.sysadmin,comp.mail.uucp
Subject: Re: chroot (was: Re: Dangerous hole in Usenet!
Summary: Don't forget setuid
Keywords: maps unpacking unshar security hole
Message-ID: <4@rsoft.UUCP>
Date: 9 Dec 88 17:26:57 GMT
References: <1971@van-bc.UUCP> <572@comdesign.CDI.COM> <5517@medusa.cs.purdue.edu> <561@redsox.UUCP> <215@twwells.uucp> <155@ecicrl.UUCP> <
Reply-To: frank@rsoftbbs.UUCP (Frank I. Reiter)
Organization: Reiter Software Inc.
Lines: 20

In article <18639@shemp.CS.UCLA.EDU> michael@cs.ucla.edu (michael gersten) writes:
[Lots deleted]
>This doesn't work, though.
>
>Lets say I put a dummy passwd in mydir/etc.
>And I do a "exec chroot mydir login".
>I then login as root.
>BUT: I'm in mydir, and I can't get out.

But in mydir may be a "rootsh" program which invokes /bin/sh.  After logging
in as root I could :

chown root rootsh;chmod u+s rootsh

and log back out.  Next time I login I have a nifty little command called
rootsh that is su without the password.
-- 
*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*
Frank I. Reiter             \ /     UUCP:     {uunet,ubc-cs}!van-bc!rsoft!frank
Langley, British Columbia   / \      BBS:     Mind Link @ (604)533-2312
*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*