
does chroot() require root privileges?

Tags: c, linux, root, chroot

When I try to use chroot with "." or the complete pathname as argument, perror tells me "Operation not permitted".

If the answer to my question is yes, is there another way to change the root directory? (Without barbarian methods using strcmp() / strncmp())

Karim Kouznetsov asked Apr 13 '13 07:04


People also ask

Can you access anything outside of the chroot as a normal user as root?

Yes, that does indeed make it possible for a non-root user to use chroot. The root user ID in that namespace is mapped to the non-root user ID outside of that namespace, and vice versa, which is why the system shows files owned by the current user as owned by user ID 0.

Can superuser break out of chroot jail?

Solution. In a chroot environment, if a program is running with root privileges, the program might be able to perform a second chroot and can break out of the chrooted environment. This is a limitation of chroot and hence it is recommended that the chrooted program should relinquish root privileges after chrooting.

What is chroot root directory?

A chroot is an operation that changes the apparent root directory for the current running process and their children. A program that is run in such a modified environment cannot access files and commands outside that environmental directory tree. This modified environment is called a chroot jail.

How safe is chroot?

When you take the whole system into consideration, you do not gain any real security from your chroot(). Putting a regular user in a chroot() will prevent them from having access to the rest of the system. This means using a chroot is not less secure, but it is not more secure either.


1 Answer

chroot can only be used by root him/her/itself. And no, there won't be any other way without compromising security.

From Wikipedia

Only the root user can perform a chroot. This is intended to prevent users from putting a setuid program inside a specially crafted chroot jail (for example, with a fake /etc/passwd and /etc/shadow file) that would fool it into a privilege escalation.

See here for the article.

bash.d answered Sep 20 '22 15:09
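The behaviour discussed in this thread, as an added example that is not part of the original answer or the poster's code: chroot() on "." fails with EPERM for an unprivileged caller, and a privileged caller should chdir into the new root and give up root right after chrooting. The helper names and the uid/gid 65534 are assumptions made for the illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE            /* exposes chroot() and setgroups() in glibc */
#endif
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper: make `dir` the root, then give up root for good.
 * Returns 0 on success, otherwise the errno of the first step that failed. */
int enter_jail(const char *dir, uid_t uid, gid_t gid)
{
    if (chroot(dir) != 0)        return errno;  /* EPERM without CAP_SYS_CHROOT */
    if (chdir("/") != 0)         return errno;  /* cwd must not stay outside the new root */
    if (setgroups(0, NULL) != 0) return errno;  /* drop supplementary groups first */
    if (setgid(gid) != 0)        return errno;  /* group before user, while still root */
    if (setuid(uid) != 0)        return errno;
    if (setuid(0) == 0)          return EACCES; /* root came back: the drop did not stick */
    return 0;
}

/* Run enter_jail() in a forked child so the caller's own root directory and
 * credentials are untouched; the child's result comes back as its exit status. */
int try_jail_in_child(const char *dir, uid_t uid, gid_t gid)
{
    int status;
    pid_t pid = fork();
    if (pid < 0)  return errno;
    if (pid == 0) _exit(enter_jail(dir, uid, gid));
    if (waitpid(pid, &status, 0) < 0) return errno;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* 65534 is a constructed sample id (commonly "nobody"); "." is the path from the question */
    int rc = try_jail_in_child(".", 65534, 65534);
    printf("euid=%d: %s\n", (int)geteuid(), rc == 0 ? "jailed, root dropped" : strerror(rc));
    return rc == 0 ? 0 : 1;
}
```

Run as a normal user, this prints the same "Operation not permitted" the question reports; run as root, the child ends up confined to the directory with no way to call chroot() a second time.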