On Tue, May 23, 2006 7:19 pm, Zak B. Elep wrote:
> Hi Norbert!

hello! :-)

> Yeah, it is perhaps quite possible for a uid-0 process to get out of
> the chroot, which is why a chroot must be properly configured in the
> first place, having just the bare metal to run the allowed apps per
> the site's policy. Again, a good /etc/sudoers can help. I also hear
> on the grapevine that there's a fakeroot-aware sudo in the works
> too...

imho it's not 'quite' possible. it's _very_ possible. chroot() has no security feature to offer if the processes running inside it are uid 0. that's why it's very recommended for a process to seteuid() once it successfully invokes the chroot() syscall.

> As for the nowhere-land bits, I have to agree with you, my bad :/ I'm
> used to building chroots within chroots within chroots (or, more
> precisely, pbuilder in dchroot in dchroot)... don't ask me why ;P

we finally agree on this matter :-). however, chroot w/in chroot w/in chroot (and so on...) can be easily escaped just like in the case of a single chroot() call. the chroot() syscall can only be invoked by uid 0. chroot w/in chroot means it's still uid 0. but since you do it for packaging purposes and not for chrooting a service (let's say apache or bind), then we have nothing to argue about ;-)

cheers!

_________________________________________________
Philippine Linux Users' Group (PLUG) Mailing List
plug@lists.linux.org.ph (#PLUG @ irc.free.net.ph)
Read the Guidelines: http://linux.org.ph/lists
Searchable Archives: http://archives.free.net.ph
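
Added example, not part of the original message: a C sketch of the "chroot(), then give up uid 0" sequence the reply recommends for a chrooted service. It uses setgid()/setuid() rather than seteuid(), because seteuid() changes only the effective uid and leaves the saved uid at 0. The function names, the jail path "/var/empty" and uid/gid 65534 are assumptions chosen for illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE            /* declares chroot() and setgroups() on glibc */
#endif
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Returns 0 only when the process is confined to `dir` and can no longer
 * become uid 0; returns -1 with errno set otherwise. */
int jail_and_drop(const char *dir, uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0) { errno = EINVAL; return -1; } /* not a drop */
    if (chroot(dir) != 0) return -1;        /* needs root (CAP_SYS_CHROOT on Linux) */
    if (chdir("/") != 0) return -1;         /* no cwd left outside the jail */
    if (setgroups(0, NULL) != 0) return -1; /* clear supplementary groups */
    if (setgid(gid) != 0) return -1;        /* group first, while still root */
    if (setuid(uid) != 0) return -1;        /* real, effective and saved uid */
    if (setuid(0) == 0 || seteuid(0) == 0) { errno = EPERM; return -1; }
    return 0;
}

/* Runs jail_and_drop() in a forked child so the caller is unaffected.
 * 0: child failed cleanly or ended up non-root; 1: child reported success
 * while still uid 0; -1: fork/wait error. */
int check_in_child(const char *dir, uid_t uid, gid_t gid)
{
    int status;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        int rc = jail_and_drop(dir, uid, gid);
        _exit(rc == 0 && (getuid() == 0 || geteuid() == 0) ? 1 : 0);
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    /* "/var/empty" and 65534 are assumed values for this example */
    if (jail_and_drop("/var/empty", 65534, 65534) != 0) {
        perror("jail_and_drop");
        return 1;
    }
    /* ... run the service here, confined and unprivileged ... */
    return 0;
}
```

A service should treat any non-zero return as fatal and exit instead of continuing as root.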