Re: Non-root chroot
- Reply: Joe Schaefer : "Re: Non-root chroot"
- In reply to: Jason Bacon : "Re: Non-root chroot"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Tue, 05 Aug 2025 01:41:52 UTC
> On 4 Aug 2025, at 22:56, Jason Bacon <bacon4000@gmail.com> wrote: > On 8/3/25 23:41, Daniel O'Connor wrote: >>> On 3 Aug 2025, at 18:39, Dmitry Mikushin <dmitry@kernelgen.org> wrote: >>> Important point is that the user is not obliged to hand in any particular "su" program. The user may hand in any "su"-like code suitable for escaping the chroot. >> You can’t create a setuid binary owned by root without being root so it doesn’t matter. >> -- >> Daniel O'Connor >> "The nice thing about standards is that there >> are so many of them to choose from." >> -- Andrew Tanenbaum > > It may be possible to nullfs mount something into the chroot dir, or dupe the superuser into copying a root-owned file in. The listing below was run in a user-level chroot, where I copied /usr/bin/su in as root from the host: You can’t mount something without being root unless vfs.usermount is set. I guess if you can nullfs mount with vfs.usermount then that is an issue, although I hope that forces nosuid on but I haven’t checked. -- Daniel O'Connor "The nice thing about standards is that there are so many of them to choose from." -- Andrew Tanenbaum