Gentoo Archives: gentoo-hardened

From:	different <diff@×××××××.com>
To:	gentoo-hardened@l.g.o
Subject:	Re: [gentoo-hardened] Re: to chroot or not to chroot
Date:	Mon, 15 Jun 2009 14:53:55
Message-Id:	`20090615025300.GA26406@funfactory`
In Reply to:	[gentoo-hardened] Re: to chroot or not to chroot by 7v5w7go9ub0o <7v5w7go9ub0o@gmail.com>

1	On 16:21 Sun 14 Jun , 7v5w7go9ub0o wrote:
2	>
3	> [... SNIP ...]
4	>
5	> Nope.... that's all there is to the wrapper.
6	>
7	> gcc runchroot.c -o runchroot
8	> chown root runchroot
9	> chmod u+s runchroot
10
11	Ouch. Do _not_ set the setuid-bit on runchroot.
12	Otherwise it would be a piece of cake for the intruder
13	to gain root-privileges:
14	diff@mallory ~ $ ls -l runchroot
15	-rwsr-xr-x 1 root root 7680 Jun 15 04:37 runchroot
16	diff@mallory ~ $ ./runchroot -u root -d / -- /bin/sh
17	# id
18	uid=0(root) gid=0(root) groups=10(wheel),18(audio),27(video),1000(diff),
19	1007(qemu)
20	# ls -l /proc/self/root
21	lrwxrwxrwx 1 root root 0 Jun 15 04:45 /proc/self/root -> /
22
23	/ck

Subject	Author
[gentoo-hardened] Re: to chroot or not to chroot	7v5w7go9ub0o <7v5w7go9ub0o@×××××.com>