Hm, the guy who wrote that patch seems not very familiar with chroot()ed environments. He misses the chdir() after the chroot(), which makes the chroot jail insecure. To be on the safe track, initgroups() should be called in addition to setgid(); he also missed that. There could be more failures like this. If I have the time, I'll debug and test this patch... maybe it'll become part of our next SuSE, but I don't think so. As long as we have Marc's Compartment it would be wiser to use this instead of a buggy patch.

Bye, Thomas

Just a brief note, since people often tend to consider chroot() a security feature of the kernel: As long as a process inside a chroot()ed environment is capable of doing chroot(2), the process will be able to break out. Executing chdir(2) after chroot(2) doesn't really remedy this illness. Try this: chroot(1) as root and then execute the little q+d hack underneath my sig to break out. You might want to link it statically if you don't have the necessary libraries around. Note: chroot(1) does chdir("/") right after chroot(2).

Thanks,
Roman Drahtmüller.
--
| Roman Drahtmüller