On Sat, May 07, 2005 at 08:10:27PM +0300, Gilad Ben-Yossef wrote:
Can you give more details about what you wrote? > Shaul Karl wrote: > > On my Debian machine only root is permitted to chroot(2). What are the > > cons for having a regular user chroot? Are there any patches floating > > around to change that? > > > > > If there exists any dynamically linked SUID root binary in the system What do you mean by dynamically linked SUID root binary? For me, `dynamically linked' is associated with libraries, while a binary is the same as executable and suid is only for executables. In short, what is my mistake? > (e.g. ping) which a user can contain in a directory such that the What is the difference between what you refer to and a simple cp of an suid executable to somewhere under the user home directory? > regular directory structure puts files controlled by the user in > directories that would become, for example, /lib or /usr/lib after > chroot and then chroot inside it you have effectively given this user > root privileges. > How all this would give him root privileges? There are systems where a regular user can chroot, aren't there? Can you name them? ================================================================= To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
