Xref: utzoo news.admin:4200 news.sysadmin:1859 comp.mail.uucp:2479 Path: utzoo!utgpu!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!ukma!rutgers!ucla-cs!michael From: michael@maui.cs.ucla.edu (michael gersten) Newsgroups: news.admin,news.sysadmin,comp.mail.uucp Subject: chroot (was: Re: Dangerous hole in Usenet! Keywords: maps unpacking unshar security hole Message-ID: <18639@shemp.CS.UCLA.EDU> Date: 7 Dec 88 18:18:49 GMT References: <1971@van-bc.UUCP> <572@comdesign.CDI.COM> <5517@medusa.cs.purdue.edu> <561@redsox.UUCP> <215@twwells.uucp> <155@ecicrl.UUCP> <1988Nov29.181037.23528@utzoo.uucp> <157@ecicrl.UUCP> Sender: news@CS.UCLA.EDU Reply-To: michael@cs.ucla.edu (michael gersten) Organization: UCLA Computer Science Department Lines: 26 In article <157@ecicrl.UUCP> clewis@ecicrl.UUCP (Chris Lewis) writes: >In article <1988Nov29.181037.23528@utzoo.uucp> henry@utzoo.uucp (Henry Spencer) writes: >>In article <155@ecicrl.UUCP> clewis@ecicrl.UUCP (Chris Lewis) writes: >>>Secondly, can someone out there explain why chroot is privileged? ... >>>... It seems pretty darn silly that some >>>mechanism that can only be used for *reducing* access rights requires >>>root permission... >> >>because it gives absolute control over the file system, and some parts >>of the file system are vital to the protection system. For example, >>login assumes that the file it finds when it opens "/etc/passwd" is the >>system password file. This doesn't work, though. Lets say I put a dummy passwd in mydir/etc. And I do a "exec chroot mydir login". I then login as root. BUT: I'm in mydir, and I can't get out. Remember: chroot is an absolute limit on directories, i.e., my / == mydir, my /../../.. == mydir. Or are you running V7 which did not have that last bit in there? (Sys5, and I think sys3, did have that corrected limit on chroot).