ChrootDirectory on a per key basis
Jefferson Ogata
Jefferson.Ogata at noaa.gov
Sat Oct 25 08:55:14 EST 2008
On 2008-10-24 21:18, Chris Wilson wrote:
> On Fri, 24 Oct 2008, Damien Miller wrote:
>> No, letting users chroot to arbitrary directories introduces
>> serious security problems. Think about hard-linking /bin/su into
>> a chroot on the same filesystem where an attacker has filled in
>> a friendly /etc/passwd.
>
> I thought that the suid bit was a property of the directory entry, not the
> inode? On what platforms is the suid bit a property of the inode, which
> would make this exploit possible?
All of them.
The only properties in a directory entry are a name, entry type (regular
file, directory, block device, etc.), and an inode number.
--
Jefferson Ogata <Jefferson.Ogata at noaa.gov>
NOAA Computer Incident Response Team (N-CIRT) <ncirt at noaa.gov>
"Never try to retrieve anything from a bear."--National Park Service
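The point Ogata makes, that the setuid bit lives on the inode and a directory entry is only a name plus an inode number, can be shown directly, and the same property is what an administrator should check for before handing a directory to ChrootDirectory. The following Python is an added example for this thread, not code from the post or from OpenSSH; it assumes a POSIX filesystem that permits hard links and a user allowed to set the setuid bit on a file it owns. It creates a harmless placeholder file with the setuid bit, hard-links it into a would-be chroot on the same filesystem, shows that both names report the same inode and mode, and then runs a small audit that walks the chroot and flags setuid/setgid files whose link count is above 1 (i.e. also reachable under another name, possibly outside the tree).

```python
import os
import shutil
import stat
import tempfile


def setuid_links_in_tree(root):
    """Walk `root` and return (path, inode, nlink) for every regular file
    carrying the setuid or setgid bit.  The bit is read from st_mode, which is
    per inode, so it is identical for every name that links to that inode.  A
    link count above 1 means the inode also has a name elsewhere on the same
    filesystem, which is the situation the thread warns about."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)          # lstat: do not follow symlinks
            if not stat.S_ISREG(st.st_mode):
                continue
            if st.st_mode & (stat.S_ISUID | stat.S_ISGID):
                findings.append((path, st.st_ino, st.st_nlink))
    return findings


def demonstrate():
    """Build a constructed scenario in a temporary directory: a placeholder
    'system' file with the setuid bit, hard-linked into a 'chroot' directory on
    the same filesystem.  Returns what stat() reports through each name."""
    base = tempfile.mkdtemp(prefix="setuid-inode-demo-")
    try:
        system_dir = os.path.join(base, "system_bin")     # stands in for /bin
        chroot_dir = os.path.join(base, "chroot")         # would-be ChrootDirectory
        os.makedirs(system_dir)
        os.makedirs(os.path.join(chroot_dir, "bin"))

        # Placeholder file, not a real binary: it only exists to carry mode bits.
        original = os.path.join(system_dir, "demo-setuid")
        with open(original, "w") as f:
            f.write("#!/bin/sh\necho placeholder\n")
        os.chmod(original, 0o4755)       # setuid bit is stored on the inode

        # Second directory entry (name) pointing at the very same inode.
        linked = os.path.join(chroot_dir, "bin", "demo-setuid")
        os.link(original, linked)

        st_orig = os.stat(original)
        st_link = os.stat(linked)
        return {
            "same_inode": st_orig.st_ino == st_link.st_ino,
            "same_mode": st_orig.st_mode == st_link.st_mode,
            "setuid_visible_via_link": bool(st_link.st_mode & stat.S_ISUID),
            "nlink": st_link.st_nlink,
            # The audit sees the setuid file inside the chroot and reports that
            # its inode is linked from more than one place.
            "findings": setuid_links_in_tree(chroot_dir),
        }
    finally:
        shutil.rmtree(base, ignore_errors=True)


if __name__ == "__main__":
    result = demonstrate()
    for key, value in result.items():
        print(f"{key}: {value}")
```

Running the audit against a real chroot before enabling it is the practical takeaway: any setuid or setgid file with `st_nlink > 1` deserves a look, and keeping the chroot on a separate filesystem (or mounting it `nosuid`) removes the hard-link route altogether, since hard links cannot cross filesystems.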