chroot() - (nf)
berry at fortune.UUCP
Fri Jul 15 18:05:05 AEST 1983
#R:sri-arpa:-285600:fortune:11600026:000:613
fortune!berry Jul 14 20:10:00 1983
-------------------
Does anyone know why chroot() is protected?
What harm can be done by a user who restricts himself to
a part of the file-tree?
-------------------
What about the following procedure?
    link /bin/login to .../me/bin/login
    link /bin/csh to .../me/bin/csh
    edit .../my/etc/passwd to contain a root entry with no password
    chroot .../me
    login root
    #
I now have a root shell. Granted I can only play in this filesystem
for now, but what is to keep me from creating files setuid root that merely
exec /bin/csh...
David W. Berry
amd70!fortune!berry
cbosgd!...
harpo!...
hpda!...
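
The conditions the post above relies on (a setuid binary hard-linked into a user-controlled tree, and an etc/passwd there that the user can edit) can be checked for before a directory is used as a chroot root. The following is an added example, not part of the original post; the function names and the sample tree built by `build_sample` are constructed for illustration.

```python
import os
import stat
from pathlib import Path

def audit_passwd(root):
    """Flag an etc/passwd inside the tree that a setuid login would trust."""
    path = os.path.join(root, "etc", "passwd")
    try:
        st = os.stat(path)
        lines = Path(path).read_text(encoding="utf-8", errors="replace").splitlines()
    except OSError:
        return []  # no readable passwd file in this tree
    findings = []
    if st.st_uid != 0 or st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append(("passwd-not-root-controlled", "etc/passwd"))
    for line in lines:
        fields = line.split(":")
        if len(fields) >= 3 and fields[1] == "" and fields[2] == "0":
            findings.append(("uid0-empty-password", fields[0]))
    return findings

def audit_tree(root):
    """Return sorted (kind, name) findings for a directory proposed as a chroot root."""
    findings = audit_passwd(root)
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_ISUID:
                rel = os.path.relpath(path, root)
                findings.append(("setuid", rel))
                if st.st_nlink > 1:  # same inode has another name, e.g. /bin/login
                    findings.append(("setuid-hardlink", rel))
    return sorted(findings)

def build_sample(base):
    """Constructed sample tree: a stand-in setuid 'login' linked into a user directory."""
    jail = Path(base, "me")
    (jail / "bin").mkdir(parents=True)
    (jail / "etc").mkdir()
    system_login = Path(base, "login")  # stand-in for /bin/login, not a real binary
    system_login.write_text("placeholder\n")
    os.link(system_login, jail / "bin" / "login")
    system_login.chmod(0o4755)  # the setuid bit lands on the shared inode
    (jail / "etc" / "passwd").write_text("root::0:0:root:/:/bin/csh\n")
    (jail / "etc" / "passwd").chmod(0o666)
    return str(jail)
```

Run `audit_tree` against a directory before it becomes a chroot root; an empty list means none of these conditions were found.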