chroot() as non-root user?
Pawel Jakub Dawidek
nick at garage.freebsd.pl
Sun Apr 13 16:43:25 PDT 2003
On Sun, Apr 13, 2003 at 10:20:35AM -0500, Mark Shepard wrote:
+> Q3: Why not allow non-root users to chroot() _as long as the target dir.
+> is on a partition mounted nosuid_? Seems like this would be a simple
+> mechanism (both to understand and to implement) and would allow regular
+> users to take advantage of chroot to improve the security of scripts, CGIs,
+> etc.
You can do this with CerbNG (available at http://cerber.sourceforge.net).
A policy could look like this:

#define NONSUID_PATH "/path/to/nonsuid/dir/*"

if (syscall == SYS_chroot && ruid > 0 && ismember(GET_GID("chroot"), groups)) {
        reg[1] = realpath(arg[0]);
        if (reg[1] !@ NONSUID_PATH) {
                return(EPERM);
        }
        /* chdir first to that directory */
        setsyscall(SYS_chdir);
        reg[0] = call();
        if (reg[0] != 0) {
                return(reg[0]);
        }
        setsyscall(SYS_chroot);
        /* give uid 0 for this syscall */
        reg[0] = sucall();
        if (reg[0] != 0) {
                return(reg[0]);
        }
        log(LOG_INFO, "CerbNG:%s: %s(%s[%s]) (with euid 0).", pname,
            syscallname, arg[0], reg[1]);
        return(0);
}

From now on, members of the group "chroot" are able to use the chroot(2) syscall
without uid 0 if they want to chroot to some directory in NONSUID_PATH.
--
Pawel Jakub Dawidek pawel at dawidek.net
UNIX Systems Programmer/Administrator http://garage.freebsd.pl
Am I Evil? Yes, I Am! http://cerber.sourceforge.net
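
The following C example is added here; it is not part of the original message and is not CerbNG code. It shows the same checks as a privileged userland helper would make them: canonicalise the target, match it against NONSUID_PATH, confirm the filesystem is mounted nosuid (the condition from Q3), then chdir before chroot. The function names and the shell-glob reading of the policy's pattern test are assumptions.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1 /* glibc: declare chroot(), realpath(), fchdir() */
#endif
#include <errno.h>
#include <fcntl.h>
#include <fnmatch.h>
#include <limits.h>
#include <stdlib.h>
#include <sys/statvfs.h>
#include <unistd.h>

#define NONSUID_PATH "/path/to/nonsuid/dir/*" /* placeholder from the policy */

/* Returns 0 and an open directory fd in *fd_out, or an errno value. */
int check_chroot_target(const char *path, const char *pattern, int *fd_out)
{
    char resolved[PATH_MAX];
    struct statvfs vfs;
    if (realpath(path, resolved) == NULL)
        return errno;
    /* Assumption: the policy's pattern test is read as a shell glob. */
    if (fnmatch(pattern, resolved, 0) != 0)
        return EPERM;
    int fd = open(resolved, O_RDONLY | O_DIRECTORY);
    if (fd < 0)
        return errno;
    /* Read mount flags from the descriptor so the nosuid check applies
     * to the directory that is entered later, not just to its name. */
    if (fstatvfs(fd, &vfs) != 0 || !(vfs.f_flag & ST_NOSUID)) {
        close(fd);
        return EPERM;
    }
    *fd_out = fd;
    return 0;
}

/* chdir first, then chroot, both on the directory that was checked. */
int enter_chroot(int fd)
{
    return (fchdir(fd) != 0 || chroot(".") != 0) ? errno : 0;
}

int main(int argc, char **argv)
{
    int fd = -1, rc = EINVAL;
    if (argc == 2 && (rc = check_chroot_target(argv[1], NONSUID_PATH, &fd)) == 0)
        rc = enter_chroot(fd);
    return rc; /* 0 on success, otherwise the errno value */
}
```

On systems where chroot(2) requires uid 0, enter_chroot() returns EPERM for a regular user; check_chroot_target() can be exercised without privilege.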