brnstnd@stealth.acf.nyu.edu (Dan Bernstein) (10/29/89)
Any user who can execute a chroot() (and who can write a directory on the same filesystem as /bin/su) can become root. That's the point the original poster was trying to make; that's why only root is allowed to chroot().

The previous discussion here was on a different issue: *once* a process (in particular, the unshar process) is stuck inside a chroot(), can it affect anything outside its sub-filesystem? The answer is obviously no. (Modulo IPC and network facilities, but that's no problem if you reserve a userid for the unsharing and if you hide your network libraries. It wouldn't be funny if processes started dying...)

Yes, chroot() would be a security hole if normal users could use it. Yes, it's safe to stick an unshar into a chroot() sub-filesystem.

---Dan