Date:      Mon, 9 Sep 1996 17:57:53 -0500
From:      rkw@dataplex.net (Richard Wackerbarth)
To:        Zach Heilig <zach@blizzard.gaffaneys.com>
Cc:        security@freebsd.org
Subject:   Re: Question about chroot
Message-ID:  <v02140b0eae5a4d949122@[208.2.87.4]>

Thanks everyone for the many replies.

>In a previous message, Richard Wackerbarth wrote:

>>If that is the case, why wouldn't it be good enough for chroot to be suid
>>root and allow any user to execute it?
>
>>Am I overlooking some security hole?
>
>Yes.
>
>This is one reason it is bad to have a world-writable directory on the
>same filesystem as the /usr filesystem.

Fundamentally, the problem is that certain suid-root programs can 1) be
copied and 2) trust the contents of files based solely on their path.

In addition, there is no distinction made between "root" in the global
environment and "root" in the chrooted environment.

As a result, anyone who can "chroot" can trick the system into adopting the
chrooted "root" as the global "root".

Hence the solution is to either "fix" those routines which are suid-root so
that they cannot be made to reference a trojan file (the password file).

Otherwise, we have to adopt the present solution of restricting the chroot
to "root". And "he" better be very careful in using it.
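
An audit for the condition named in the quoted reply (a world-writable directory on the same filesystem as setuid-root programs), added here as an example and not part of the original message. It assumes the concern is hard links, which keep a file's owner and setuid bit and cannot cross filesystems; the function names and the sample records are constructed for illustration.

```python
import os
import stat
from collections import defaultdict

def classify(mode, uid):
    """'suid' for a setuid-root regular file, 'wdir' for a world-writable directory, else None."""
    if stat.S_ISREG(mode) and mode & stat.S_ISUID and uid == 0:
        return "suid"
    if stat.S_ISDIR(mode) and mode & stat.S_IWOTH:
        return "wdir"
    return None

def shared_device_risks(entries):
    """entries: iterable of (path, st_mode, st_uid, st_dev).
    Returns {dev: {"suid": [...], "wdir": [...]}} only for filesystems holding both kinds."""
    by_dev = defaultdict(lambda: {"suid": [], "wdir": []})
    for path, mode, uid, dev in entries:
        kind = classify(mode, uid)
        if kind:
            by_dev[dev][kind].append(path)
    return {dev: found for dev, found in by_dev.items() if found["suid"] and found["wdir"]}

def walk(root):
    """Yield (path, mode, uid, dev) for everything under root, without following symlinks."""
    for dirpath, dirnames, filenames in os.walk(root, onerror=lambda err: None):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # entry vanished or is unreadable; skip it
            yield path, st.st_mode, st.st_uid, st.st_dev

# Constructed sample records (paths and device numbers are made up for the example).
SAMPLE = [
    ("/usr/bin/passwd", stat.S_IFREG | 0o4555, 0, 1),  # setuid-root, device 1
    ("/usr/tmp", stat.S_IFDIR | 0o1777, 0, 1),         # world-writable, same device
    ("/var/tmp", stat.S_IFDIR | 0o1777, 0, 2),         # world-writable, separate device
    ("/usr/bin/ls", stat.S_IFREG | 0o555, 0, 1),       # not setuid, ignored
]

if __name__ == "__main__":
    # Assumed starting point for a real scan; pass any mount point of interest.
    for dev, found in shared_device_risks(walk("/usr")).items():
        print(f"device {dev}: setuid-root={found['suid']} world-writable={found['wdir']}")
```

A filesystem that appears in the result is one where moving the world-writable directory to its own filesystem removes the overlap.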




