chroot() as non-root user?
Pawel Jakub Dawidek
nick at garage.freebsd.pl
Sun Apr 13 16:13:21 PDT 2003
On Sun, Apr 13, 2003 at 06:41:46PM +0300, Ruslan Ermilov wrote:
+> chroot(2) has no effect on the process's current directory; you
+> could hide (hard-link) the setuid program (su(1)) there, so
+> removing this protection on the syscall level can easily result
+> in a compromise.
+>
+> chroot(8) changes the current working directory, but it's not
+> setuid root.
And if kern.chroot_allow_open_directories is set to 0?
--
Pawel Jakub Dawidek pawel at dawidek.net
UNIX Systems Programmer/Administrator http://garage.freebsd.pl
Am I Evil? Yes, I Am! http://cerber.sourceforge.net
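
Added example, not part of the original thread or of FreeBSD's own code: the quoted point is that chroot(2) leaves the current directory untouched, so a privileged caller has to move its working directory inside the new root itself. The helper name enter_chroot() and the default path /var/empty are assumptions made for illustration.

```c
#define _DEFAULT_SOURCE         /* glibc: expose the chroot(2) prototype */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/*
 * enter_chroot() is a hypothetical helper, not an existing API.
 * Returns 0 on success, -1 with errno set on failure.
 * On failure the working directory may already have changed to dir.
 */
int enter_chroot(const char *dir)
{
    char cwd[4];

    /* 1. Move into the target first: chroot(2) does not touch the cwd. */
    if (chdir(dir) == -1)
        return -1;

    /* 2. Make the directory we are standing in the new root. */
    if (chroot(".") == -1)
        return -1;      /* EPERM without privilege; on FreeBSD also when
                           kern.chroot_allow_open_directories=0 and a
                           directory is still open in this process */

    /* 3. Re-anchor the cwd at the new root. */
    if (chdir("/") == -1)
        return -1;

    /* 4. Verify: the cwd must now resolve to "/" inside the new root. */
    if (getcwd(cwd, sizeof cwd) == NULL)
        return -1;
    if (strcmp(cwd, "/") != 0) {
        errno = EXDEV;
        return -1;
    }
    return 0;
}

int main(int argc, char **argv)
{
    const char *dir = argc > 1 ? argv[1] : "/var/empty"; /* constructed default */

    if (enter_chroot(dir) == -1) {
        fprintf(stderr, "enter_chroot(%s): %s\n", dir, strerror(errno));
        return 1;
    }
    /* A real daemon would drop root here (setgid, then setuid) before working. */
    puts("cwd is inside the new root");
    return 0;
}
```

Because chdir() runs before chroot(), a bad path fails before any root change is attempted, and the process never holds a working directory outside the root it ends up in.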