On Mon, 22 Oct 2001, Greg Wooledge wrote: > > The disadvantage to this approach is that if one of your users finds a > local exploit and becomes root inside her chroot() jail, she could then > overwrite the programs linked from her $HOME/bin -- which are the same > programs that ALL your users are using. So suddenly every chroot() > user would be running the trojan programs.
If a user gains root privs it is easy to escape the chroot jail on most systems. You should have nothing suid inside the jail and drop root immediatly after chroot:ing. Peter -- Peter Svensson ! Pgp key available by finger, fingerprint: <[EMAIL PROTECTED]> ! 8A E9 20 98 C1 FF 43 E3 07 FD B9 0A 80 72 70 AF ------------------------------------------------------------------------ Remember, Luke, your source will be with you... always... --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
