Test for root.
Thomas Mondoshawan Tate
plug-discuss@lists.PLUG.phoenix.az.us
Fri, 7 Sep 2001 08:31:33 -0700
--s9fJI615cBHmzTOP
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Fri, Sep 07, 2001 at 08:11:07AM -0700, Matt Alexander wrote:
> On Fri, 7 Sep 2001, David A. Sinck wrote:
>=20
> >
> >
> > \_ SMTP quoth Matt Alexander on 9/6/2001 17:35 as having spake thusly:
> > \_
> > \_ On Thu, 6 Sep 2001, Matt Alexander wrote:
> > \_
> > \_ P.S. You should also get in the habit of specifying the full path t=
o any
> > \_ programs you use in your shell scripts. So in the above test, use
> > \_ /usr/bin/whoami instead of just whoami.
> >
> > I haven't tried this in a malicious setting, but I bet chroot could
> > foil that too.
>=20
> On most Unix systems, only root can use the chroot command.
> ~M
I was wondering about that... I've built whole distros from scratch, and
I've noticed that if joe blow user has access to the chroot command, he
could (theoreticially) root the system by creating a minidistro in his home
directory. I've yet to test my theory, though. I'll bet there's a safeguard
in there somewhere to prevent this.
--=20
Thomas "Mondoshawan" Tate
phoenix@psy.ed.asu.edu
http://tank.dyndns.org
--s9fJI615cBHmzTOP
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE7mOhVYp5mUsPGjjwRAuteAKCWOEZ1doAaRLoo2sYcAb+vslpYGgCfcE5P
+Ud74YbEt12d59+kPtwUoq0=
=okjr
-----END PGP SIGNATURE-----
--s9fJI615cBHmzTOP--