Date: Sun, 13 Apr 2003 10:20:35 -0500
From: Mark Shepard <mns@BEST.COM>
To: freebsd-security@freebsd.org
Subject: chroot() as non-root user?
Message-ID: <5.2.0.9.2.20030413101417.022481b0@127.0.0.1>

I suspect this has been asked before but I'll ask anyway.

Q1: Is it possible for a non-root process to perform a chroot?

My interest is this: I have a typical ISP hosting account (verio; on a FreeBSD 4.4 server.) I'd like to install and run various CGI packages, yet protect myself (and my email, and my .ssh keys) from bugs being exploited in those CGI packages. Chroot at the start of each CGI would do the trick, but requires root.

I suspect the answer here is "only root can do this"... which leads me to ask, in general:

Q2: Why is chroot() only available to root?

I'm aware of *one* security issue: if a non-root user can perform chroot(), they can alter the name-space "seen" by setuid programs, and potentially compromise them (assuming a user-writable directory [like /tmp] on the same partition as a setuid program.)

Are there any other reasons? (Besides the issues with fchdir() which I assume are adequately fixed). Assuming there aren't any other issues leads to my last Q... Actually, a proposal:

Q3: Why not allow non-root users to chroot() _as long as the target dir. is on a partition mounted nosuid_?

Seems like this would be a simple mechanism (both to understand and to implement) and would allow regular users to take advantage of chroot to improve the security of scripts, CGIs, etc.

Mark
