Date: Tue, 5 Aug 2025 11:11:52 +0930 From: Daniel O'Connor <darius@dons.net.au> To: Jason Bacon <bacon4000@gmail.com> Cc: Dmitry Mikushin <dmitry@kernelgen.org>, freebsd-hackers <hackers@freebsd.org> Subject: Re: Non-root chroot Message-ID: <1899D2A6-39EA-449E-90B4-8059D368D84E@dons.net.au> In-Reply-To: <2cec9309-b7f5-48cf-a97a-768e503186c1@gmail.com> References: <aa1950e6-46d0-44ed-8487-df45bad8b3c8@gmail.com> <CAJoDaPadHvnbe2u=a5pYqCBbHtCq3Ns0NfHXeb0N=zNPVPwEfw@mail.gmail.com> <362fc60e-3279-44af-b05d-f9d290f1b972@gmail.com> <CAJoDaPa4USCBRSEcFmC_8mZ-G-aDNb=jNc2n0B3Y_BBPgAm8Fw@mail.gmail.com> <285D2ECE-8005-4623-B311-6F519A06EF11@dons.net.au> <2cec9309-b7f5-48cf-a97a-768e503186c1@gmail.com>
index | next in thread | previous in thread | raw e-mail
> On 4 Aug 2025, at 22:56, Jason Bacon <bacon4000@gmail.com> wrote: > On 8/3/25 23:41, Daniel O'Connor wrote: >>> On 3 Aug 2025, at 18:39, Dmitry Mikushin <dmitry@kernelgen.org> wrote: >>> Important point is that the user is not obliged to hand in any particular "su" program. The user may hand in any "su"-like code suitable for escaping the chroot. >> You can’t create a setuid binary owned by root without being root so it doesn’t matter. >> -- >> Daniel O'Connor >> "The nice thing about standards is that there >> are so many of them to choose from." >> -- Andrew Tanenbaum > > It may be possible to nullfs mount something into the chroot dir, or dupe the superuser into copying a root-owned file in. The listing below was run in a user-level chroot, where I copied /usr/bin/su in as root from the host: You can’t mount something without being root unless vfs.usermount is set. I guess if you can nullfs mount with vfs.usermount then that is an issue, although I hope that forces nosuid on but I haven’t checked. -- Daniel O'Connor "The nice thing about standards is that there are so many of them to choose from." -- Andrew Tanenbaumhelp
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1899D2A6-39EA-449E-90B4-8059D368D84E>