chroot() as non-root user?
Mark Shepard
mns at BEST.COM
Sun Apr 13 08:20:46 PDT 2003
I suspect this has been asked before but I'll ask anyway.
Q1: Is it possible for a non-root process to perform a chroot?
My interest is this: I have a typical ISP hosting account (Verio, on a
FreeBSD 4.4 server). I'd like to install and run various CGI packages, yet
protect myself (and my email, and my .ssh keys) from bugs being exploited
in those CGI packages. Chroot at the start of each CGI would do the trick,
but requires root. I suspect the answer here is "only root can do this"...
which leads me to ask, in general:
Q2: Why is chroot() only available to root? I'm aware of *one* security
issue: if a non-root user can perform chroot(), they can alter the
name-space "seen" by setuid programs, and potentially compromise them
(assuming a user-writable directory [like /tmp] on the same partition as a
setuid program). Are there any other reasons? (Besides the issues with
fchdir() which I assume are adequately fixed). Assuming there aren't any
other issues leads to my last Q... Actually, a proposal:
Q3: Why not allow non-root users to chroot() _as long as the target dir.
is on a partition mounted nosuid_? Seems like this would be a simple
mechanism (both to understand and to implement) and would allow regular
users to take advantage of chroot to improve the security of scripts, CGIs,
etc.
Mark
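As an added illustration of the "requires root" point above (this is not code from the post or from FreeBSD; the function name `sandbox_exec` and the command-line layout are my own), here is the shape of the root-owned wrapper a hosting provider would have to supply to chroot each CGI: it enters the jail, does the chdir("/") that closes the classic fchdir() escape the post alludes to, drops to an unprivileged uid/gid in the correct order, verifies the drop cannot be undone, and only then executes the untrusted program. All calls used (chroot, chdir, setgroups, setgid, setuid, execv) exist on FreeBSD 4.4 and on Linux. Started as an ordinary user, chroot() fails with EPERM, which is exactly the limitation the post runs into.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Enter ROOT, drop to UID/GID, and exec argv[0] inside the jail.
 * Returns -1 with errno set on failure; on success it never returns.
 * Must be started with root privileges, because chroot() requires them.
 * (Hypothetical helper written for this example.) */
int sandbox_exec(const char *root, uid_t uid, gid_t gid, char *const argv[])
{
    if (root == NULL || argv == NULL || argv[0] == NULL || uid == 0 || gid == 0) {
        /* Never run the CGI as root inside the jail: a root process in a
         * chroot can usually break out again (mknod, ptrace, ...). */
        errno = EINVAL;
        return -1;
    }

    /* chroot() only changes the root used for new path lookups; the
     * current directory stays outside unless we chdir() afterwards.
     * Forgetting chdir("/") is the classic fchdir()-style escape. */
    if (chroot(root) == -1)      /* EPERM here if not root */
        return -1;
    if (chdir("/") == -1)
        return -1;

    /* Drop privileges: supplementary groups, then gid, then uid.
     * Order matters: once the uid is non-root, setgroups()/setgid() fail. */
    if (setgroups(1, &gid) == -1)
        return -1;
    if (setgid(gid) == -1)
        return -1;
    if (setuid(uid) == -1)
        return -1;

    /* Verify the drop is irreversible before handing control to
     * untrusted code: regaining uid 0 must now be impossible. */
    if (setuid(0) != -1 || getuid() != uid || geteuid() != uid) {
        errno = EPERM;
        return -1;
    }

    execv(argv[0], argv);   /* argv[0] is a path relative to the new root */
    return -1;              /* only reached if execv() failed */
}

/* Usage (as root): ./wrapper /path/to/jail 1001 1001 /cgi-bin/script.cgi
 * Everything after UID GID becomes the program's argv, resolved inside
 * the jail, so the jail must contain the binary and whatever it loads. */
int main(int argc, char *argv[])
{
    uid_t uid;
    gid_t gid;

    if (argc < 5) {
        fprintf(stderr, "usage: %s ROOT UID GID PROG [ARGS...]\n", argv[0]);
        return 2;
    }
    uid = (uid_t)strtoul(argv[2], NULL, 10);
    gid = (gid_t)strtoul(argv[3], NULL, 10);
    sandbox_exec(argv[1], uid, gid, &argv[4]);
    perror("sandbox_exec");   /* "Operation not permitted" when run unprivileged */
    return 1;
}
```

The wrapper itself would have to be setuid-root (or run from a root-owned server process), which is precisely what a shared-hosting customer cannot install; the post's Q3 proposal is about letting an unprivileged process do the chroot() line above on its own when the target lives on a nosuid partition.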