In article <0056910011314551000002L112*@MHS>, <[EMAIL PROTECTED]> wrote:
>chroot does nothing to hide uid 0. It makes a subdirectory appear as /,
>so you can give somebody access to /publicdirectory, and to them it's
>/... they can't cd out of that hierarchy to the rest of your filesystem.
>No hack can give them the plain text
>of /etc/shadow (or /etc/security/passwd, or whatever), they can't
>execute a carelessly unguarded suid program, they can't drop an insecure
>command into root's crontab, whatever.
Careful there! A program with uid 0 can always get out of a chroot
environment. In fact, so can any program, unless *every process on the
system running under the same uid* is also in the same chroot
environment. That's a subtle feature of chroot that's often overlooked.
You can't, for example, trap a program running as "nobody" in a chroot
environment if, for example, fingerd also runs as "nobody", but without
the chroot. Each chroot environment needs to have a dedicated uid that
is used *only* by processes within the chroot.
- Ian
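An added example, not part of Ian's post or the thread: a Python audit that checks a Linux host for the two conditions he describes, a uid 0 process inside a chroot and a uid whose processes do not all share one root directory. It assumes Linux procfs (`/proc/<pid>/root` symlink, `Uid:` line in `/proc/<pid>/status`); the pure check functions also run on constructed data.

```python
# Added example (not from the original post): audit a Linux host for the
# chroot misconfiguration Ian describes, i.e. a uid that owns processes both
# inside and outside a chroot, plus uid 0 processes inside a chroot.
# Assumes Linux procfs: /proc/<pid>/root is a symlink to the process's root
# directory and /proc/<pid>/status carries a "Uid:" line. Reading another
# user's /proc/<pid>/root requires root privileges.
import os
from collections import defaultdict
from typing import Dict, Iterable, List, Set, Tuple

Proc = Tuple[int, int, str]  # (pid, real uid, root directory)


def shared_uid_violations(procs: Iterable[Proc]) -> Dict[int, Dict[str, List[int]]]:
    """Return {uid: {root: [pids]}} for every uid whose processes do not all
    share one root directory. A chrooted daemon whose uid also appears with
    root "/" (or inside a different chroot) is exactly Ian's fingerd case."""
    by_uid: Dict[int, Dict[str, List[int]]] = defaultdict(lambda: defaultdict(list))
    for pid, uid, root in procs:
        by_uid[uid][root].append(pid)
    return {uid: dict(roots) for uid, roots in by_uid.items() if len(roots) > 1}


def root_uid_in_chroot(procs: Iterable[Proc]) -> Set[int]:
    """PIDs running as uid 0 inside a chroot; chroot does not contain these."""
    return {pid for pid, uid, root in procs if uid == 0 and root != "/"}


def snapshot_procs() -> List[Proc]:
    """Collect (pid, uid, root) for every process this user may inspect."""
    procs: List[Proc] = []
    for name in os.listdir("/proc"):
        if not name.isdigit():
            continue
        pid = int(name)
        try:
            root = os.readlink(f"/proc/{pid}/root")
            with open(f"/proc/{pid}/status") as fh:
                uid_line = next(line for line in fh if line.startswith("Uid:"))
        except (OSError, StopIteration):  # process exited or not permitted
            continue
        procs.append((pid, int(uid_line.split()[1]), root))  # real uid field
    return procs


if __name__ == "__main__":
    live = snapshot_procs()
    for uid, roots in shared_uid_violations(live).items():
        print(f"uid {uid} spans several root directories: {roots}")
    for pid in sorted(root_uid_in_chroot(live)):
        print(f"pid {pid}: uid 0 inside a chroot, not contained by it")
```

Run as root for a complete view; unprivileged runs silently skip processes whose `/proc/<pid>/root` cannot be read.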