Xref: utzoo news.admin:4214 news.sysadmin:1869 comp.mail.uucp:2484
Path: utzoo!utgpu!watmath!clyde!bellcore!rutgers!mailrus!purdue!decwrl!labrea!csli!gandalf
From: gandalf@csli.STANFORD.EDU (Juergen Wagner)
Newsgroups: news.admin,news.sysadmin,comp.mail.uucp
Subject: chroot (was: Re: Dangerous hole in Usenet!
Message-ID: <6714@csli.STANFORD.EDU>
Date: 7 Dec 88 21:11:18 GMT
References: <1971@van-bc.UUCP> <572@comdesign.CDI.COM> <5517@medusa.cs.purdue.edu> <561@redsox.UUCP> <215@twwells.uucp> <155@ecicrl.UUCP> <1988Nov29.181037.23528@utzoo.uucp> <157@ecicrl.UUCP>
Reply-To: gandalf@csli.stanford.edu (Juergen Wagner)
Organization: Center for the Study of Language and Information, Stanford U.
Lines: 27

[Sorry, my rn gives me an internal error when I try to followup.]

I thought, this had been chewed on for long enough, ...

Michael Gersten (michael@maui.cs.ucla.edu) writes:
>...
> Let's say I put a dummy passwd in mydir/etc.
> And I do a "exec chroot mydir login".
> I then login as root.
> BUT: I'm in mydir, and I can't get out.

Right! You can't. But how about copying /bin/sh to your directory, then
doing the chroot stuff you describe, and finally typing something like
	chown root sh
	chmod 4755 sh
Now type "exit" to this shell, and you're back to the login prompt. At your
next login (and here chroot is *NO LONGER* active), you will find a setuid
root file called sh in that mydir, giving you a root shell with access to
the *ENTIRE* file system!

'nuff said.

--
Juergen Wagner		   gandalf@csli.stanford.edu
			   wagner@arisia.xerox.com
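
A defender's check for the leftover the post above describes, added here as an example and not part of the original post: it walks a directory tree and reports set-uid files, rating a root-owned one that sits in a directory owned by a non-root user as the most serious. The function names find_setuid and classify and the temporary sample tree are assumptions made for illustration.

```python
import os
import stat
import tempfile


def find_setuid(root):
    """Return (path, file_owner_uid, dir_owner_uid) for each set-uid regular file under root."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root, followlinks=False):
        dir_uid = os.lstat(dirpath).st_uid
        for name in sorted(filenames):
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: do not follow symlinks out of the tree
            except OSError:
                continue  # file vanished or is unreadable; skip it
            if stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_ISUID:
                hits.append((path, st.st_uid, dir_uid))
    return hits


def classify(hit):
    """Rate one finding by who owns the file and who owns its directory."""
    _path, owner, dir_owner = hit
    if owner == 0 and dir_owner != 0:
        # The case from the post: a set-uid root file in a user's own directory.
        return "CRITICAL"
    if owner == 0:
        return "REVIEW"  # set-uid root in a root-owned directory: check against a baseline
    return "INFO"  # set-uid to a non-root account


if __name__ == "__main__":
    # Constructed sample tree; on a real host pass the user-writable area instead.
    with tempfile.TemporaryDirectory() as tree:
        os.mkdir(os.path.join(tree, "mydir"))
        sample = os.path.join(tree, "mydir", "sh")
        with open(sample, "w") as fh:
            fh.write("placeholder, not a real shell\n")
        os.chmod(sample, 0o4755)  # set-uid bit on a file owned by the current user
        for hit in find_setuid(tree):
            print(classify(hit), hit)
```

Mounting user-writable filesystems with the nosuid option makes such a file inert even if it is never found.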