Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10 5/26/83; site ihldt.UUCP
Path: utzoo!linus!decvax!genrad!mit-eddie!mit-vax!eagle!mhuxt!mhuxi!mhuxa!houxm!ihnp4!ihldt!jhh
From: jhh@ihldt.UUCP
Newsgroups: net.unix-wizards
Subject: Re: chroot()
Message-ID: <1776@ihldt.UUCP>
Date: Tue, 12-Jul-83 11:54:46 EDT
Article-I.D.: ihldt.1776
Posted: Tue Jul 12 11:54:46 1983
Date-Received: Wed, 13-Jul-83 08:13:53 EDT
References: <2840@sri-arpa.UUCP>
Organization: BTL Naperville, Il.
Lines: 12

If the process that inherits the new root can create executable files, the checks in the code are not near enough if the user runs as user id 0. There are many things that they could do to increase their permissions. The easiest thing would be to add a link to .. (which UID 0 can do), and change to that. More complicated scenarios would be using the mknod system call to create special device files, and mounting them. Moral: ID 0 is very special to the operating system, and cannot be trusted to someone that needs chroot'ed.

John Haller
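The post's moral, as an added example that is not part of the original article: a confinement routine that refuses to leave UID or GID 0 inside the new root, drops privileges permanently after chroot(), and verifies that root cannot be regained. The function name `enter_jail`, the result codes, the directory `/var/empty` and the id 65534 are assumptions made for illustration.

```c
#define _DEFAULT_SOURCE
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

enum jail_result {
    JAIL_OK = 0,
    JAIL_REFUSE_ROOT,     /* caller asked to keep UID or GID 0 in the jail */
    JAIL_SYSCALL_FAILED,  /* a step failed; errno describes it */
    JAIL_ROOT_REGAINED    /* privilege drop was not permanent */
};

/* Confine the calling process to `dir` and continue as uid/gid.
 * Hypothetical helper: the caller must treat any non-OK result as fatal. */
enum jail_result enter_jail(const char *dir, uid_t uid, gid_t gid)
{
    /* UID 0 inside a chroot can still use mknod, mount and similar
     * calls, so a jail that keeps it is refused before any syscall. */
    if (uid == 0 || gid == 0)
        return JAIL_REFUSE_ROOT;

    /* Enter the directory first so the working directory is inside
     * the new root, then reset it to the new "/". */
    if (chdir(dir) != 0 || chroot(".") != 0 || chdir("/") != 0)
        return JAIL_SYSCALL_FAILED;

    /* Order matters: supplementary groups and gid must be dropped
     * while the process is still privileged, uid goes last. */
    if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return JAIL_SYSCALL_FAILED;

    /* Verify the drop is permanent: regaining UID 0 must fail. */
    if (setuid(0) == 0 || seteuid(0) == 0 || getuid() == 0 || geteuid() == 0)
        return JAIL_ROOT_REGAINED;
    return JAIL_OK;
}

int main(void)
{
    /* Constructed values: an empty directory and an unprivileged id. */
    enum jail_result r = enter_jail("/var/empty", 65534, 65534);
    if (r == JAIL_SYSCALL_FAILED)
        perror("enter_jail");
    printf("enter_jail result: %d\n", (int)r);
    return r == JAIL_OK ? 0 : 1;
}
```

The successful path needs the privilege to call chroot(), so run without it the program reports `JAIL_SYSCALL_FAILED`.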