Re: Glitch in sys_chroot()

Greg Alexander (galexand@sietch.bloomington.in.us)
Sun, 17 Nov 1996 20:32:19 -0500 (EST)


On Sat, 16 Nov 1996, Alan Cox wrote:

> > Sorry, what should this code do? I tried it on several machines (NetBSD
> > among others), and experienced nothing but what I expected, namely a login
> > shell in the root (/) directory. The same thing you can achieve by
> > (cd /; sh -login)
> > What am I missing? What do you want to demonstrate?
>
> If you are locked into an anonymous ftp area for example and manage to
> execute programs, the normal assumption is you cannot get out of that
> chroot area. The program above does if you can get to be root. Thus it
> makes it much harder to create an area on a machine you cannot break out from.

A machine on which a nobody can execute root programs in any way, shape,
or form, is, by definition, insecure. It could chmod the directory to
make it writable, put a device in the directory, say dev/mem or whatever,
and do anything. Therefore, worrying if root processes are secure or not
is not a primary consideration.
Besides, if you can execute an arbitrary program outside of the
chroot'd area in the first place then why would this program bother to
chroot() in the first place?

Greg Alexander
http://www.cia-g.com/~sietch/
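As an added illustration that is not part of the original thread: the point both posters circle around is that chroot() confines nothing once the process inside is root, so a program that chroots and wants the jail to mean something has to give up root immediately afterwards, in the right order (enter the jail, move the working directory inside it, drop groups, gid, then uid, and confirm the drop is irreversible). The helper names, the default jail path /var/ftp and the uid/gid 65534 are assumptions of this example, not anything from the thread.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Added example, not code from the thread. Helper names are assumed.
 * Returns 0 if the process holds no root identity and cannot get it back,
 * -1 otherwise. */
int privileges_dropped(void)
{
    if (getuid() == 0 || geteuid() == 0)
        return -1;
    /* If the saved set-user-ID were still 0, this call would succeed and
     * the "drop" would be reversible. */
    if (setuid(0) == 0)
        return -1;
    return 0;
}

/* Enter the jail rooted at `dir` and then give up root for good.
 * Order matters: chroot() is the last call that needs root; chdir("/")
 * moves the working directory inside the new root; supplementary groups,
 * gid and uid are dropped after that. Returns 0 on success, -1 with errno
 * set on failure. */
int enter_jail(const char *dir, uid_t uid, gid_t gid)
{
    if (chdir(dir) != 0)
        return -1;
    if (chroot(".") != 0)        /* needs root (CAP_SYS_CHROOT on Linux) */
        return -1;
    if (chdir("/") != 0)         /* without this the cwd is still outside */
        return -1;
    if (setgroups(0, NULL) != 0) /* drop supplementary groups first */
        return -1;
    if (setgid(gid) != 0)        /* gid before uid: setgid() still needs root */
        return -1;
    if (setuid(uid) != 0)        /* as root this sets real, effective and saved uid */
        return -1;
    return privileges_dropped();
}

int main(int argc, char **argv)
{
    const char *dir = argc > 1 ? argv[1] : "/var/ftp"; /* assumed jail path */

    if (enter_jail(dir, 65534, 65534) != 0) {
        fprintf(stderr, "enter_jail(%s): %s\n", dir, strerror(errno));
        return 1;
    }
    printf("jailed in %s as uid %d; setuid(0) no longer works\n",
           dir, (int)getuid());
    return 0;
}
```

Run it as root with the jail directory as the argument; run unprivileged it fails at chroot() with EPERM, which is exactly the property being relied on. The check in privileges_dropped() is the part people skip: calling setuid() alone is not proof that root is gone if the saved uid was left at 0.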