On 5/23/06, Norbert P. Copones <[EMAIL PROTECTED]> wrote:
we all know that sudo is setuid 0 ;-) it means a bug in sudo will not surely put them in nowhere-land. but in fact, can possibly give them the power to escape out of the chroot. if you're uid 0, chroot or not, the possibilities are vast :-)
True enough, but `sudo' is only as powerful enough as the chroot allows it to, uid 0 or not. Fortunately for us, we don't get too many bugs on sudo very very often... You wouldn't certainly bind-mount your real / to the chroot's / , so doing something like `rm -rf /*' would definitely break the chroot. I _do_ suppose that with that same invocation, one can also cause any other bind-mounted dirs to be obliterated from existence; I encountered this quite recently, during one of my package builds :/. At any rate, a properly-crafted /etc/sudoers gives a better chance of having a relatively secure system, given any `sudo'. The manpages, as usual, have the good advice. -- Zak B. Elep || http://zakame.spunge.org [EMAIL PROTECTED] || [EMAIL PROTECTED] 1486 7957 454D E529 E4F1 F75E 5787 B1FD FA53 851D
_________________________________________________ Philippine Linux Users' Group (PLUG) Mailing List [email protected] (#PLUG @ irc.free.net.ph) Read the Guidelines: http://linux.org.ph/lists Searchable Archives: http://archives.free.net.ph
