httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ben Laurie <>
Subject Re: setuid control WITHOUT running as root
Date Sun, 02 Jun 1996 22:10:57 GMT
Robert S. Thau wrote:
>  BTW, I've almost decided that chroot() doesn't help with security (because a
>  Bad Guy can still make something setuid to the attacked uid which can then be
>  exploited by another route).
> Ummm... that's not the point.  Yes, once a suid-root binary exists, even
> in the chrooted environment, you're hosed.  However, the user had to exploit
> security holes in some program in order to bring it into existence.  If 
> chroot locks some of the likely tools out of reach, that means the attacks
> that require them just won't work.
> (For instance, one popular style of attack is the trojan-horse binary.  If
> the directory you'd have to plant it is is just not part of your view of the
> file system, however, then you don't have access regardless of what the
> permission bits are or who owns it --- and that *particular* possibility is
> closed off).

Agreed. I just see so many holes in the chrooted environment that it is hard to
distinguish it from the non-chrooted (thinking aleph-0 again). However,
sticking to the finite, your point is correct. So, Randy, gonna put chroot in?



> rst

Ben Laurie                  Phone: +44 (181) 994 6435
Freelance Consultant and    Fax:   +44 (181) 994 6472
Technical Director          Email:
A.L. Digital Ltd,           URL:
London, England.

View raw message