Re: chroot useful?
Steven M. Bellovin (smb research.att.com)
Fri, 14 Nov 1997 02:54:59 +0000
- Next message: Darren Reed: "Re: chroot useful?"
- Previous message: Peter Mayne: "RE: Altavista v TIS toolkit on Linux, which is better?"
- Maybe in reply to: Chris Booth: "Altavista v TIS toolkit on Linux, which is better?"
- Next in thread: Aleph One: "Re: chroot useful?"
- Reply: Aleph One: "Re: chroot useful?"
At 05:05 PM 11/13/97 -0500, Douglas R. Steinbaum wrote:
>Regarding the comment made by Steve Bellovin (pasted at the end of this
>message):
>
>I was under the impression that running the chroot() command on a UNIX
>box would make it impossible for all subsequently launched programs to
>access files located above the newly defined root point, even if such
>programs are launched with a UID of 0. Thus, the command could be used
>as a simple "wrapper" to prevent a user application program which is not
>completely trusted (for example, a commercial SW package for which source
>code is unavailable) from being misused to access critical system files.
>That is, chroot could be run to define the root point such that critical
>files are inaccessible, and then the untrusted application would
>subsequently be launched. Is this not correct?
That was precisely my point -- that this opinion is not correct. There
are numerous ways for root to break out of a chroot() "jail"; the simplest
is to do mknod() to create new special device files for the real disks, and
mount new file systems on those devices. Many other variants are possible
as well.
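
The point made in this message, turned into a host audit check (an added example, not part of the original post): a chroot()ed process is confined only if it has given up root, so the check goes beyond the 1997 discussion and also looks at the Linux capabilities that permit mknod(), mounting and a second chroot(). The function names and the sample status text are constructed for illustration, and the caller is assumed to have already decided whether the process is chrooted.

```python
"""Audit sketch: flag processes whose chroot() "jail" still runs with root powers."""

# Linux capability bit numbers from <linux/capability.h>.
RISKY_CAPS = {
    "CAP_SYS_CHROOT": 18,  # may call chroot() again
    "CAP_SYS_ADMIN": 21,   # may mount file systems
    "CAP_MKNOD": 27,       # may create device special files
}


def parse_status(text):
    """Return (effective_uid, effective_capability_mask) from /proc/<pid>/status text."""
    euid, cap_eff = None, 0
    for line in text.splitlines():
        key, _, value = line.partition(":")
        if key == "Uid":
            # Fields are: real, effective, saved, filesystem.
            euid = int(value.split()[1])
        elif key == "CapEff":
            cap_eff = int(value.strip(), 16)
    if euid is None:
        raise ValueError("no Uid line in status text")
    return euid, cap_eff


def jail_findings(status_text, chrooted):
    """List the reasons a chrooted process is not actually confined."""
    if not chrooted:
        return []
    euid, cap_eff = parse_status(status_text)
    findings = []
    if euid == 0:
        findings.append("effective uid is 0")
    for name, bit in sorted(RISKY_CAPS.items(), key=lambda kv: kv[1]):
        if cap_eff & (1 << bit):
            findings.append("holds " + name)
    return findings


# Constructed samples, not captured from a real host.
ROOT_DAEMON = "Name:\tftpd\nUid:\t0\t0\t0\t0\nCapEff:\t000001ffffffffff\n"
DROPPED_DAEMON = "Name:\tftpd\nUid:\t1001\t1001\t1001\t1001\nCapEff:\t0000000000000000\n"

if __name__ == "__main__":
    for label, sample in (("root", ROOT_DAEMON), ("dropped", DROPPED_DAEMON)):
        print(label, jail_findings(sample, chrooted=True))
```

An empty list is the only acceptable result for a service that relies on chroot() for containment.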
This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:09:48 CDT