chroot()

jhh at ihldt.UUCP
Wed Jul 13 01:54:46 AEST 1983


If the process that inherits the new root can create executable
files, the checks in the code are not nearly enough if the user
runs as user id 0.  There are many things that they could do
to increase their permissions.  The easiest thing would be to
add a link to .. (which UID 0 can do), and change to that.
More complicated scenarios would be using the mknod system call
to create special device files, and mounting them.

Moral: ID 0 is very special to the operating system, and cannot be trusted
to someone that needs to be chroot'ed.

			John Haller


