[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: chroot and su



Tzafrir Cohen wrote:

>On Thu, 20 Sep 2001, Tzafrir Cohen wrote:
>
>>Hi
>>
>>I want to run a certain daemon in a chroot jail. Since that daemon has no
>>support for running in a chroot, I'll have to run it as a user. This means
>>that I have to add some sort of 'su' into the chroot jail.
>>
>>Any way of avoiding that extra binary? I remember reading somewhere about
>>a program called 'suchroot' r 'suchroot' that does both things (and thus I
>>can avoid adding binaries to the chroot jail). But I couldn't find it or
>>anything similar. A couple of web searches I've tried have given no better
>>solution.
>>
>>Any suggestions/pointers?
>>
>
>Someone suggested in private mail making te binary SUID (to a non-root
>user) and thus avoiding te need for su. Assuming that tere is no problem
>with making it SUID (e.g:  I don't need to set LD_LIBRARY_PATH), should
>this prevent the process from escaping the chroot jail?
>
Correct me if I'm wrong, but if you SU to another user, you can still 
seteuid to your original user.

            Shachar



=================================================================
To unsubscribe, send mail to linux-il-request@linux.org.il with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail linux-il-request@linux.org.il