Re: Non-root chroot

From: Jason Bacon <bacon4000_at_gmail.com>
Date: Wed, 06 Aug 2025 11:35:35 UTC
On 8/5/25 22:59, Jamie Landeg-Jones wrote:
> Dmitry Mikushin <dmitry@kernelgen.org> wrote:
> 
>> Important point is that the user is not obliged to hand in any particular
>> "su" program. The user may hand in any "su"-like code suitable for escaping
>> the chroot.
> 
> But just as it is if you're not using a chroot, your non-root user cannot
> create suid-root binaries, and when you're setting things up, you'd simply not
> use root to copy a suid-root 'su' (or anything else) into your chroot tree.

Not quite true:

FreeBSD moray.acadix  bacon ~ 1018: sysctl vfs.usermount
vfs.usermount: 1
FreeBSD moray.acadix  bacon ~ 1019: whoami
bacon
FreeBSD moray.acadix  bacon ~ 1020: mount -t nullfs /usr/bin /home/bacon/new-root/usr/bin/
FreeBSD moray.acadix  bacon ~ 1021: ls -l new-root/usr/bin/su
-r-sr-xr-x  1 root wheel   17K Jul 28 17:11 new-root/usr/bin/su*

Granted, usermount should generally not be set on a shared system, but 
it could happen.

Or, as I mentioned in a prior response, there's always the possibility 
of duping a root user into installing an suid binary.  Not all of them 
are highly qualified, and everyone gets tired or rushed sometimes.

-- 
Life is a game.  Play hard.  Play fair.  Have fun.
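A defender's check for the condition in Jason's session above (vfs.usermount enabled and a system directory holding suid-root binaries nullfs-mounted into a user-owned chroot tree), written as an added example and not code from the thread. It assumes FreeBSD mount(8) output format and treats /bin, /sbin, /usr/bin, /usr/sbin, /usr/local/bin and /usr/local/sbin as the system trees of interest; the sample mount lines are constructed.

```shell
#!/bin/sh
# Added audit helper (not from the thread): flag user-owned trees under /home
# into which a system binary directory has been nullfs-mounted, then count the
# suid-root files that such a mount exposes inside the would-be chroot.

# Read mount(8) output on stdin and print "<source> <mountpoint>" for every
# nullfs mount whose source is a system binary tree and whose mountpoint lies
# under /home.  FreeBSD mount(8) prints lines like:
#   /usr/bin on /home/bacon/new-root/usr/bin (nullfs, local)
suspicious_nullfs_mounts() {
    awk '
        $2 == "on" && $4 ~ /^\(nullfs/ {
            src = $1; mp = $3
            if (src ~ /^\/(s?bin|usr\/s?bin|usr\/local\/s?bin)(\/|$)/ &&
                mp ~ /^\/home\//)
                print src, mp
        }'
}

# Count suid-root regular files below a directory without crossing into
# further mounts; run this on each mountpoint the function above reports.
count_suid_root() {
    find "$1" -xdev -type f -user root -perm -4000 2>/dev/null | wc -l | tr -d ' '
}

# Print 1 when vfs.usermount=1 on this host, 0 otherwise (also 0 when the
# sysctl does not exist, e.g. on a non-FreeBSD system).
usermount_enabled() {
    v=$(sysctl -n vfs.usermount 2>/dev/null)
    [ "$v" = "1" ] && echo 1 || echo 0
}

# Constructed sample of mount(8) output reproducing the scenario in the thread:
# only the /usr/bin mount is a system binary tree exposed under a home directory.
SAMPLE_MOUNTS='/dev/ada0p2 on / (ufs, local, journaled soft-updates)
devfs on /dev (devfs)
/usr/bin on /home/bacon/new-root/usr/bin (nullfs, local)
/usr/ports on /usr/obj/ports (nullfs, local)
/home/bacon/src on /home/bacon/new-root/src (nullfs, local)'

# Run the mount check over the constructed sample (use `mount | suspicious_nullfs_mounts` live).
audit_sample() {
    printf '%s\n' "$SAMPLE_MOUNTS" | suspicious_nullfs_mounts
}
```

On a live FreeBSD host, pipe `mount` into `suspicious_nullfs_mounts` and feed each reported mountpoint to `count_suid_root`; a non-zero count alongside `usermount_enabled` printing 1 is exactly the setup the session above demonstrates.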