On Tue, May 23, 2006 6:37 pm, Zak B. Elep wrote: > True enough, but `sudo' is only as powerful enough as the chroot > allows it to, uid 0 or not. Fortunately for us, we don't get too many > bugs on sudo very very often...
uid 0 is uid 0 whether on chroot or not. let's just accept the fact that is is _very possible_ for a root process to escape out of the chroot, so sudo will not only as powerful enough as the chroot only allows it but because its runs as root. and yes fortunately, we don't get many bugs on sudo very often. but a vulnerability in sudo can surely lead to uid 0. > You wouldn't certainly bind-mount your real / to the chroot's / , so > doing something like `rm -rf /*' would definitely break the chroot. I > _do_ suppose that with that same invocation, one can also cause any > other bind-mounted dirs to be obliterated from existence; I > encountered this quite recently, during one of my package builds :/. he/she can copy the necessary libs/bin/deps to the chroot dir. why mount-bind the real /? the security essence of chroot will be lost. still if its root process, its very possible for the process to escape out of chroot. its a very known bug/limitation of chroot. > At any rate, a properly-crafted /etc/sudoers gives a better chance of > having a relatively secure system, given any `sudo'. The manpages, as > usual, have the good advice. yes, i agree. but still that _nowhere-land_ we tackle on this thread is impossible. my only point is you can't really say that chroot+sudo combination can bring users to nowhere-land if he/she manages to breaks sudo. cheers! _________________________________________________ Philippine Linux Users' Group (PLUG) Mailing List [email protected] (#PLUG @ irc.free.net.ph) Read the Guidelines: http://linux.org.ph/lists Searchable Archives: http://archives.free.net.ph
