chroot()

jfw%mit-ccc at BRL.ARPA
Thu Jul 7 11:41:33 AEST 1983


I have just tried your suggestion on MIT-CCC, which is a V7 PDP 11/45.
The program is as follows:

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

int main(void)
{
	/* Change the apparent root; the working directory is left where it was. */
	if (chroot("/usr/jfw") < 0) {
		perror("/usr/jfw");
		exit(1);
	}
	setuid(getuid());		/* give up the set-uid root privilege */
	execl("sh", "sh", (char *)0);	/* "sh" here is the copy kept in the home directory */
	return 1;
}
	
In my home directory, by the way, is a copy of /bin/sh.
This program is SUID root.  What happens when I run it is the following:
I see a shell which believes that /usr/jfw is the root.  I say "ls /"
and see my files (there is a copy of ls in /usr/jfw, too).  BUT:  If I
type:
	cd ..
the kernel obligingly looks up the inode which is linked under the name ".."
and my shell lands there.  Most people call it "/usr".  I know not what
pwd would call it, but I certainly am no longer restricted to the /usr/jfw
hierarchy.  I then type "cd .." again and land in the root, which is on
another device.

As far as 4.1BSD goes:  The code for chroot(), chdir(), and chdirec() (the
underlying code of both) is character for character the same:  ERGO, 4.1
does exactly the same.  If you tried it and got the results you claim, then
you are running something which isn't standard.  If you haven't tried these
cases (nor thought about them), then I think you have overlooked something.

Summary:  REMEMBER that UNIX hierarchy reverse-links are implemented with
pointers that turn the directed acyclic graph you think you see into a
heavily-cyclic graph.  If you want to do this, I suppose that you could remove
the ".." pointer in /usr/guests, but a lot of UNIX utilities are going to
throw up their hands at that.

The only truly secure system is a personal computer locked in a room -- with
the power cord unplugged.  Undo any of those, and you've got to accept
compromises.

	John Woods, jfw%mit-ccc at Mit-MC
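The following C function is an added illustration, not part of John's message or of any UNIX source: it lexically models the name lookup he describes, with `clamp == 0` reproducing the V7 behaviour (".." at the chroot root follows the real parent link) and `clamp == 1` showing the check a jail needs (".." pinned at the root). The names `jail_resolve` and `resolves_to`, and the /usr/jfw layout taken from the post, are illustrative assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Lexically resolve `path` inside a jail rooted at `root`, writing the real
 * (host-side) absolute path to `out`.  Absolute names start at `root`,
 * relative ones at `cwd` (assumed to lie inside `root`).  clamp == 0 models
 * the V7 lookup in the post: ".." at the jail root follows the real parent
 * link.  clamp == 1 pins ".." at the root.  Returns 0, or -1 on overflow. */
static int jail_resolve(const char *root, const char *cwd, const char *path,
                        int clamp, char *out, size_t outsz)
{
    char work[1024], *comp[128], *tok;
    int depth = 0, rootdepth = 0;
    size_t used = 0;
    for (const char *p = root; *p; p++)   /* components in root: "/usr/jfw" -> 2 */
        if (*p != '/' && (p == root || p[-1] == '/')) rootdepth++;
    if (snprintf(work, sizeof work, "%s/%s", path[0] == '/' ? root : cwd,
                 path) >= (int)sizeof work)
        return -1;
    for (tok = strtok(work, "/"); tok; tok = strtok(NULL, "/")) {
        if (strcmp(tok, ".") == 0)
            continue;
        if (strcmp(tok, "..") == 0) {
            /* Unclamped, this step at the jail root is the escape the post describes. */
            if (depth > 0 && !(clamp && depth == rootdepth))
                depth--;
            continue;
        }
        if (depth == 128) return -1;
        comp[depth++] = tok;
    }
    if (depth == 0)
        return snprintf(out, outsz, "/") < (int)outsz ? 0 : -1;
    for (int i = 0; i < depth; i++) {
        int n = snprintf(out + used, outsz - used, "/%s", comp[i]);
        if (n < 0 || (size_t)n >= outsz - used) return -1;
        used += (size_t)n;
    }
    return 0;
}

/* 1 if `path` resolves to `expected` under the given model, else 0. */
static int resolves_to(const char *root, const char *cwd, const char *path,
                       int clamp, const char *expected)
{
    char out[1024];
    return jail_resolve(root, cwd, path, clamp, out, sizeof out) == 0
        && strcmp(out, expected) == 0;
}
```

With `clamp == 0`, "cd .." from /usr/jfw lands in /usr and a second one in /, exactly as the post reports; with `clamp == 1` both stay in /usr/jfw.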


