gns_ua: (Default)
gns_ua ([personal profile] gns_ua) wrote2013-11-11 06:59 pm
  • Add Memory
  • Share This Entry
Entry tags:

(no subject)

Only the root user can perform a chroot. This is intended to prevent users from putting a setuid program inside a specially crafted chroot jail (for example, with a fake /etc/passwd and /etc/shadow file) that would fool it into a privilege escalation.

И каким же это образом юзер может создать setuid root program в своём уютненьком чрутике? Даже если не монтировать /home и /tmp с nosuid ?
Flat | Top-Level Comments Only

[identity profile] gns-ua.livejournal.com 2013-11-11 05:15 pm (UTC)(link)
Это педивикия так объясняет, почему Only a privileged process (Linux: one with the CAP_SYS_CHROOT capability) may call chroot(). Хотя this call changes an ingredient in the pathname resolution process and does nothing else.

Объяснение меня не удовлетворило.
Edited 2013-11-11 17:15 (UTC)
Flat | Top-Level Comments Only