On Tue, May 23, 2006 5:15 pm, Zak B. Elep wrote: > OTOH, chroots are quite painful to set up, but are worth the effort if > your intended users are a bit, erm, well, finicky. I can imaging > doing a `debootstrap' for getting a Sarge base running on > /debian-chroot , bind-mounting /home and tmpfs-mounting /tmp to it, > configuring a `dchroot' environment, and add users with a shell > `/usr/bin/dchroot -d -c debian' for the finale. Your users won't even > notice they're in a dchroot, so even if they manage to break `sudo', > they'll be in nowhere-land. > > Thoughts? =)
we all know that sudo is setuid 0 ;-) it means a bug in sudo will not surely put them in nowhere-land. but in fact, can possibly give them the power to escape out of the chroot. if you're uid 0, chroot or not, the possibilities are vast :-) cheers! _________________________________________________ Philippine Linux Users' Group (PLUG) Mailing List [email protected] (#PLUG @ irc.free.net.ph) Read the Guidelines: http://linux.org.ph/lists Searchable Archives: http://archives.free.net.ph
