Re: chroot and setuid [Re: OpenBSD work on Tcpdump privilege separation]

[Pekka Savola <pekkas () netcore fi>]

On Wed, 25 Feb 2004, Jefferson Ogata wrote:
> > This doesn't try to automatically create directories or whatever, but 
> > relies on the compile time option (e.g. /var/empty) but is IMHO better 
> > in some sense.
>
> > -           if (initgroups(pw->pw_name, 0) != 0 || setgid(pw->pw_gid) != 0 ||
> > +           if (chroot_dir) {
> > +                   if (chroot(chroot_dir) != 0 || chdir (".") != 0) {
>
> No, you have to chdir to "/". Or better, do (chdir(chroot_dir) != 0 || 
> chroot(".") != 0). 

Oops -- sorry for the typo!  Obviously, that should be chdir("/") :)

I was looking this after my another patch, to chroot/droproot ntp, and
didn't copy it appropriately.

> There's one issue that occurred to me with chroot: on some 
> platforms/configurations there may be a need for access to certain files outside 
> the jail. If any get*byname() calls are being used, there may be a need for 
> access to /etc/resolv.conf, /etc/protocols, etc. On IRIX, it's worse since all 
> the get*by*() calls end up relying on access to /ns. So if -n isn't in force, 
> chrooting might break some lookups. So that also argues for a commandline 
> argument at least to switch it off.

I would not enable tcpdump at compile time on such systems, so I don't
think this is a particularly nasty problem.

-- 
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings

Attachment: tcpdump-chroot.patch
Description: