Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Posting-Version: version B 2.10 5/3/83; site fortune.UUCP Path: utzoo!linus!philabs!seismo!hao!hplabs!hpda!fortune!berry From: berry@fortune.UUCP Newsgroups: net.unix-wizards Subject: Re: chroot() - (nf) Message-ID: <1266@fortune.UUCP> Date: Fri, 15-Jul-83 04:05:05 EDT Article-I.D.: fortune.1266 Posted: Fri Jul 15 04:05:05 1983 Date-Received: Sat, 16-Jul-83 04:58:47 EDT Sender: notes@fortune.UUCP Organization: Fortune Systems, San Carlos, CA Lines: 31 #R:sri-arpa:-285600:fortune:11600026:000:613 fortune!berry Jul 14 20:10:00 1983 ------------------- Does anyone know why chroot() is protected? What harm can be done by a user who restricts himself to a part of the file-tree? ------------------- What about the following procedure? link /bin/login to .../me/bin/login link /bin/csh to .../me/bin/csh edit .../my/etc/passwd to contain a root entry with no password chroot .../me login root # I now have a root shell. Granted I can only play in this filesystem for now, but what is to keep me from creating files setuid root that merely exec /bin/csh... David W. Berry amd70!fortune!berry cbosgd!... harpo!... hpda!...