Re: chroot and su
- To: Tzafrir Cohen <tzafrir(at-nospam)technion.ac.il>
- Subject: Re: chroot and su
- From: Shachar Shemesh <linuxil(at-nospam)consumer.org.il>
- Date: Mon, 24 Sep 2001 11:11:45 +0200
- CC: Linux-IL mailing list <linux-il(at-nospam)linux.org.il>
- Delivered-To: linux.org.il-linux-il@linux.org.il
- References: <Pine.GSO.4.33_heb2.09.0109210930180.17055-100000@techunix.technion.ac.il>
- Sender: linux-il-bounce(at-nospam)cs.huji.ac.il
- User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.4) Gecko/20010917
Tzafrir Cohen wrote:
>On Thu, 20 Sep 2001, Tzafrir Cohen wrote:
>
>>Hi
>>
>>I want to run a certain daemon in a chroot jail. Since that daemon has no
>>support for running in a chroot, I'll have to run it as a user. This means
>>that I have to add some sort of 'su' into the chroot jail.
>>
>>Any way of avoiding that extra binary? I remember reading somewhere about
>>a program called 'suchroot' or 'suchroot' that does both things (and thus I
>>can avoid adding binaries to the chroot jail). But I couldn't find it or
>>anything similar. A couple of web searches I've tried have given no better
>>solution.
>>
>>Any suggestions/pointers?
>>
>
>Someone suggested in private mail making the binary SUID (to a non-root
>user) and thus avoiding the need for su. Assuming that there is no problem
>with making it SUID (e.g: I don't need to set LD_LIBRARY_PATH), should
>this prevent the process from escaping the chroot jail?
>
Correct me if I'm wrong, but if you SU to another user, you can still
seteuid to your original user.
Shachar
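
The single chroot-plus-su wrapper asked about in this thread, as an added C example (not code from any poster, nor from the 'suchroot' program mentioned): it enters the jail, clears supplementary groups, then calls setgid() and setuid() while still root, which sets the real, effective and saved IDs together, so a later seteuid() back to the original user fails. The names jail_and_drop and ids_pinned are hypothetical, and the target user is passed as numeric IDs on the assumption that the jail has no /etc/passwd.

```c
#define _GNU_SOURCE               /* getresuid(), getresgid(), setgroups() */
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Returns 1 if the real, effective and saved IDs all equal the target,
 * i.e. no seteuid()/setegid() call can switch back to the original user. */
int ids_pinned(uid_t uid, gid_t gid)
{
    uid_t ru, eu, su;
    gid_t rg, eg, sg;
    if (getresuid(&ru, &eu, &su) != 0 || getresgid(&rg, &eg, &sg) != 0)
        return 0;
    return ru == uid && eu == uid && su == uid &&
           rg == gid && eg == gid && sg == gid;
}

/* Enter the jail, then drop root for good. Order matters: chroot(),
 * setgroups() and setgid() need root, so setuid() must come last.
 * Refuses uid/gid 0. Returns 0 on success, -1 on any failure. */
int jail_and_drop(const char *root, uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0 || chroot(root) != 0 || chdir("/") != 0)
        return -1;
    if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    /* Do not trust the return codes alone: confirm nothing was left behind. */
    return ids_pinned(uid, gid) ? 0 : -1;
}

/* Usage (as root): wrapper <jail-dir> <uid> <gid> <program-in-jail> [args] */
int main(int argc, char **argv)
{
    if (argc < 5) {
        fprintf(stderr, "usage: %s jail uid gid prog [args...]\n", argv[0]);
        return 2;
    }
    uid_t uid = (uid_t)strtoul(argv[2], NULL, 10);
    gid_t gid = (gid_t)strtoul(argv[3], NULL, 10);
    if (jail_and_drop(argv[1], uid, gid) != 0) {
        fprintf(stderr, "could not enter jail and drop privileges\n");
        return 1;
    }
    execv(argv[4], &argv[4]);     /* path is resolved inside the jail */
    perror("execv");
    return 1;
}
```

Because the wrapper lives outside the jail and only the daemon's own files sit inside it, no su binary and no SUID bit are needed in the chroot tree.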