*BSD News Article 37784


Return to BSD News archive

Xref: sserve comp.os.386bsd.bugs:2589 comp.os.386bsd.questions:14394
Path: sserve!newshost.anu.edu.au!harbinger.cc.monash.edu.au!msuinfo!news.mtu.edu!sol.ctr.columbia.edu!howland.reston.ans.net!pipex!sunic!news.chalmers.se!cs.chalmers.se!augustss
From: augustss@cs.chalmers.se (Lennart Augustsson)
Newsgroups: comp.os.386bsd.bugs,comp.os.386bsd.questions
Subject: Re: chroot() in FreeBSD 1.1.5.1
Followup-To: comp.os.386bsd.bugs,comp.os.386bsd.questions
Date: 11 Nov 1994 23:51:39 GMT
Organization: Dept. of CS, Chalmers, Sweden
Lines: 11
Distribution: world
Message-ID: <3a102b$2le@nyheter.chalmers.se>
References: <39vvl6$90m@clavin.uprc.com> <3a06kq$9bs@dagny.galt.com>
NNTP-Posting-Host: statler.cs.chalmers.se
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
In-reply-to: alex@pc.cc.cmu.edu's message of 11 Nov 1994 16:37:46 GMT

In article <3a06kq$9bs@dagny.galt.com> alex@pc.cc.cmu.edu (alex wetmore) writes:
>    I'm not sure why its implemented this way.  I thought I would find an 
>    answer in Leffler, et al, but I just checked and it didn't say.  The source
>    code for the system call doesn't say either.
Making chroot is available to anyone is not secure.

Just make a directory foo, make a foo/etc/passwd with empty root
password in it.  Then make a link from /bin/su to foo/bin/su,
chroot to foo.  Run su.  Voila, you're now root.

	-- Lennart