RE: [suse-security] /usr/sbin/compartment fails to chroot for non-root user
> -----Original Message-----
> From: Tom Knight [mailto:thomas.knight@xxxxxxxxxx]
> Sent: 21 January 2004 10:53
> To: suse-security@xxxxxxxx
> Subject: RE: [suse-security] /usr/sbin/compartment fails to chroot for
> non-root user
> > -----Original Message-----
> > From: Peter Wiersig [mailto:wiersig-ml@xxxxxxxxxxxxx]
> > Sent: 21 January 2004 10:11
> > To: suse-security@xxxxxxxx
> > Subject: Re: [suse-security] /usr/sbin/compartment fails to chroot for
> > non-root user
> > Tom Knight wrote:
> > >
> > > Looking at the file "problem" that strace creates tells me that:
> > > <snip>
> > > [400e10cd] chroot("/home/update.jail") = -1 EPERM (Operation not permitted)
> > man 2 chroot:
> > SYNOPSIS
> > #include <unistd.h>
> > int chroot(const char *path);
> > DESCRIPTION
> > chroot changes the root directory to that specified in path.
> > This directory will be used for path names beginning with /.
> > The root directory is inherited by all children of the
> > current process.
> > Only the super-user may change the root directory.
> > > Any ideas on how to solve this?
> > Clean programming and suid-binaries.
> Okay, obviously you aren't telling me to make chroot suid root,
> but what _are_ you telling me?
> I'm now trying:
> `sudo /usr/bin/chroot /home/update.jail /bin/su -l update`
> So my chroot command/shell is `/bin/su -l update`.
> My error is now a little more strange, i.e.:
> "/bin/su: incorrect password"
Argh, I'm using PAM.
I don't think I want to include a working PAM config into
my chroot jail so I'll either have to recompile su or not
Again, is su something I really want in my chroot jail anyway?
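
Added example, not part of the original message or of the compartment source: a small root-started launcher that enters the jail and then permanently drops to an unprivileged uid/gid before exec, so neither su nor a PAM configuration has to exist inside the jail. The name enter_jail and the command-line layout are hypothetical; the numeric uid/gid of the target account are supplied by the caller.

```c
/* Added example: chroot as root, then permanently drop to an unprivileged
 * uid/gid and exec, so the jail needs neither su nor a PAM configuration. */
#define _DEFAULT_SOURCE          /* chroot(), setgroups() on glibc */
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper. Returns 0 on success, -errno on the first failure. */
int enter_jail(const char *jail, uid_t uid, gid_t gid)
{
    if (jail == NULL || uid == 0 || gid == 0)
        return -EINVAL;                       /* refuse to "drop" to root */
    if (chdir(jail) != 0)        return -errno; /* cwd must end up inside */
    if (chroot(".") != 0)        return -errno; /* EPERM unless privileged */
    if (chdir("/") != 0)         return -errno;
    /* Order matters: supplementary groups, then gid, then uid. After
     * setuid() the process lacks the privilege to change the others. */
    if (setgroups(0, NULL) != 0) return -errno;
    if (setgid(gid) != 0)        return -errno;
    if (setuid(uid) != 0)        return -errno;
    /* Verify the drop is permanent: regaining root must fail. */
    if (setuid(0) == 0 || getuid() != uid || geteuid() != uid)
        return -EPERM;
    return 0;
}

int main(int argc, char **argv)
{
    if (argc < 5) {
        fprintf(stderr, "usage: %s JAIL UID GID COMMAND [ARGS...]\n", argv[0]);
        return 2;
    }
    int rc = enter_jail(argv[1], (uid_t)strtoul(argv[2], NULL, 10),
                        (gid_t)strtoul(argv[3], NULL, 10));
    if (rc != 0) {
        fprintf(stderr, "enter_jail: %s\n", strerror(-rc));
        return 1;
    }
    execv(argv[4], &argv[4]);   /* path is resolved inside the jail */
    perror("execv");
    return 1;
}
```

The launcher itself has to be started as root (for example through sudo, as in the command above), and the jail must contain the command and the libraries it needs.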