Re: chroot and su
- To: Linux-IL mailing list <linux-il(at-nospam)linux.org.il>
- Subject: Re: chroot and su
- From: Tzafrir Cohen <tzafrir(at-nospam)technion.ac.il>
- Date: Fri, 21 Sep 2001 09:32:29 +0300 (IDT)
- Delivered-To: linux.org.il-linux-il@linux.org.il
- In-Reply-To: <Pine.GSO.4.33_heb2.09.0109202139070.25673-100000@techunix.technion.ac.il>
- Sender: linux-il-bounce(at-nospam)cs.huji.ac.il
On Thu, 20 Sep 2001, Tzafrir Cohen wrote:
> Hi
>
> I want to run a certain daemon in a chroot jail. Since that daemon has no
> support for running in a chroot, I'll have to run it as a user. This means
> that I have to add some sort of 'su' into the chroot jail.
>
> Any way of avoiding that extra binary? I remember reading somewhere about
> a program called 'suchroot' or 'suchroot' that does both things (and thus I
> can avoid adding binaries to the chroot jail). But I couldn't find it or
> anything similar. A couple of web searches I've tried have given no better
> solution.
>
> Any suggestions/pointers?
Someone suggested in private mail making the binary SUID (to a non-root
user) and thus avoiding the need for su. Assuming that there is no problem
with making it SUID (e.g: I don't need to set LD_LIBRARY_PATH), should
this prevent the process from escaping the chroot jail?
--
Tzafrir Cohen
mailto:tzafrir@technion.ac.il
http://www.technion.ac.il/~tzafrir