Date: Mon, 24 Feb 1997 01:16:47 +1100 (EST)
From: Julian Assange <proff@iq.org>
To: eivind@dimaga.com (Eivind Eklund)
Cc: hackers@freebsd.org, security@freebsd.org
Subject: Re: o [1997/02/01] bin/2634 rtld patches for easy creation of chroot enviroments
Message-ID: <199702231416.BAA10178@profane.iq.org>
In-Reply-To: <3.0.32.19970223144902.00c19100@dimaga.com> from Eivind Eklund at "Feb 23, 97 02:49:03 pm"

> Not quite. If we allow users to do this to setuid binaries, they can make
> setuid programs read dangerous config files, and exploit the new behaviour.
> A really simple example would be to create a fake /etc with a new
> master.passwd and run su. Sure, you have su only in the chroot()ed
> environment, but you could easily create a new suid binary...
>
> There is a reason chroot() is restricted to root, and I think we'd better
> keep that. If the patch was changed to restrict use to non-suid only (ie,
> root only), I'd be much more comfortable with it.

It is restricted to non-suid, just the same as LD_PRELOAD is. There is an
"unsafe" field in the scan_tab for all environmental variables used by ld.so.
It's set to on for LD_CHROOT. You may want to have a look at this before
presuming I'm a complete fool ;)

--
Prof. Julian Assange  |If you want to build a ship, don't drum up people
                      |together to collect wood and don't assign them tasks
proff@iq.org          |and work, but rather teach them to long for the endless
proff@gnu.ai.mit.edu  |immensity of the sea. -- Antoine de Saint Exupery