Re: Chroot breach in 2.1.100+

Mitchell Blank Jr (mitch@execpc.com)
Mon, 21 Sep 1998 17:35:32 -0500

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Brandon S. Allbery KF8NH: "Re: Firewalling and network resource consumption while under attack"
Previous message: Alan Cox: "System 5 shared memory: before I do somethign stupid..."

David Lang wrote:
> what I am meaning by this question is that I have several machines where
> aprocess is started chrooted from inetd. in order for the dhroot to
> succeed the uid must be root. the process is now running as root and

What you need is Venema's chrootuid program:

ftp://ftp.win.tue.nl/pub/security/chrootuid1.2.shar.Z

Is like /usr/sbin/chroot, but also starts the process as a different uid.

-Mitch

ps: I'm very insterested in the chroot jail with uid==0 case and have
been working in the background on some sysctl-controlled hacks
for this case. I had been waiting until 2.3 to bring them up
here though -- certainly nothing will happen before 2.2 so lets
not talk about it here. If there are others interested in this
cause please email me privately so I know where you are.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

Next message: Brandon S. Allbery KF8NH: "Re: Firewalling and network resource consumption while under attack"
Previous message: Alan Cox: "System 5 shared memory: before I do somethign stupid..."