public inbox for linux-kernel@vger.kernel.org
From: Jorgen Cederlof <jc@lysator.liu.se>
To: linux-kernel@vger.kernel.org
Subject: Re: [PATCH] User chroot
Date: Wed, 27 Jun 2001 19:55:31 +0200
Message-ID: <20010627195531.D8203@ondska>
In-Reply-To: <9hb6rq$49j$1@cesium.transmeta.com>

hpa@zytor.com ("H. Peter Anvin") writes:

> Followup to:  <20010627014534.B2654@ondska>
> By author:    Jorgen Cederlof <jc@lysator.liu.se>
> In newsgroup: linux.dev.kernel
> > If we only allow user chroots for processes that have never been
> > chrooted before, and if the suid/sgid bits won't have any effect under
> > the new root, it should be perfectly safe to allow any user to chroot.
> 
> Safe, perhaps, but also completely useless: there is no way the user
> can set up a functional environment inside the chroot.

Why? Because he can't create device nodes?

First of all, if /dev is on the same file system as the new root, the
user can ln the device nodes he wants to wherever he wants them in the
new root. He can't change their permissions, but that should not be
necessary.

Since I use devfs, I can't do that. But I decided to try how much I
can do anyway. So I downloaded the big Red Hat 7.1 image from User-mode
Linux. I unpacked it and extracted it to a directory using User-mode
Linux. Since I was a normal user, I could not create any device nodes
so I left /dev empty.

I chrooted into the directory. Most things seemed to work. I couldn't
use ping, since it needs to be suid root, and ps didn't work for
obvious reasons, but besides that everything looked OK.

I started an Xnest and started a gnome-session in it. Now I ran into
trouble. Some programs complained that they could not open
/dev/null. I touched /dev/null and put a couple of zeroes in /dev/zero
just in case. Now everything worked just fine. Gnome started and I
could run every application included.

The only thing that didn't work was terminal emulators. If I had not
been using devfs, but had /dev on the same file system as /tmp or ~, I
could have linked the needed device nodes. If you want to, you can
have a daemon running outside the root to mirror selected parts of
/proc into new_root/proc.

There are more uses for chroot than running user desktops, as has been
pointed out by others. The same arguments as implementing chroot for
root still apply.

Securing network daemons without needing to be root can be useful. As
an extra bonus, cracked daemons are prevented from gaining root access
from buggy suid binaries.

I'm sure you can think of more uses. Don't assume it has no uses just
because you can't think of anything in two minutes. I tend to use it
quite often now that I am used to it, and I often find it frustrating
to work on computers without this patch.

        Jörgen
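
An added illustration, not part of the original message or of the patch under discussion: a small C checker for the properties the message turns on, namely whether a prospective new root contains setuid/setgid files or real device nodes, and whether it shares a filesystem with /dev (a necessary condition for link(2)). The names audit_root and struct root_audit are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <dirent.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>

struct root_audit {
    int setid;    /* regular files with S_ISUID or S_ISGID set */
    int devnodes; /* real character or block device nodes */
    int same_fs;  /* root and dev_dir share st_dev (needed for link(2)) */
};

static void walk(const char *dir, struct root_audit *r)
{
    DIR *d = opendir(dir);
    struct dirent *e;
    if (!d) return;
    while ((e = readdir(d)) != NULL) {
        char path[PATH_MAX];
        struct stat st;
        if (!strcmp(e->d_name, ".") || !strcmp(e->d_name, "..")) continue;
        snprintf(path, sizeof path, "%s/%s", dir, e->d_name);
        if (lstat(path, &st) != 0) continue; /* lstat: never follow symlinks */
        if (S_ISREG(st.st_mode) && (st.st_mode & (S_ISUID | S_ISGID))) r->setid++;
        if (S_ISCHR(st.st_mode) || S_ISBLK(st.st_mode)) r->devnodes++;
        if (S_ISDIR(st.st_mode)) walk(path, r);
    }
    closedir(d);
}

/* audit_root (hypothetical name): returns 0 and fills *r, or -1 if root is not a directory. */
int audit_root(const char *root, const char *dev_dir, struct root_audit *r)
{
    struct stat rs, ds;
    memset(r, 0, sizeof *r);
    if (stat(root, &rs) != 0 || !S_ISDIR(rs.st_mode)) return -1;
    if (stat(dev_dir, &ds) == 0) r->same_fs = (rs.st_dev == ds.st_dev);
    walk(root, r);
    return 0;
}
int main(int argc, char **argv)
{
    struct root_audit r;
    if (argc != 2 || audit_root(argv[1], "/dev", &r) != 0) return EXIT_FAILURE;
    printf("setid=%d devnodes=%d same_fs_as_dev=%d\n", r.setid, r.devnodes, r.same_fs);
    return EXIT_SUCCESS;
}
```

A /dev/null created with touch, as in the message, is a regular file and is therefore not counted in devnodes.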
