Here's a patch to make the --chroot feature more secure.

1) At least with the Linux kernel, root can break out of a chroot jail: http://www.linuxsecurity.com/feature_stories/feature_story-99.html [I verified this to be true with a 2.2 kernel.] I'm not sure whether this is true for other kernels, and I'm not sure whether other kernels require the process to be root before a chroot can succeed. So, my uid check may need to be ported.

2) With older Linux kernels, you could break out of a chroot jail if you didn't cd to the directory to which you will chroot.

3) I added checks to make sure that --user and/or --group work. The most important check is to make sure that setuid succeeds (if --chroot was specified).

-scott

p.s. I'm not (yet) subscribed to the list.

==================================================================
--- main.c~ Wed Sep 4 07:52:25 2002 +++ main.c Sun Oct 13 15:37:46 2002 @@ -481,6 +481,15 @@ return 2; } if (chroot_dir) { + if (!uid) { + werror("-C can be defeated without -u, exitting.\n"); + return 3; + } + + if (chdir(chroot_dir) < 0) { + werror("Error chdiring, exiting.\n"); + return 3; + } if (chroot(chroot_dir) < 0) { werror("Error chrooting, exiting.\n"); return 3; @@ -488,9 +497,18 @@ } if (uid || gid) { - setgid(gid); - setgroups(0, NULL); - setuid(uid); + if (gid && setgid(gid) < 0) { + werror("Error setgiding, exiting.\n"); + return 4; + } + if (setgroups(0, NULL) < 0) { + werror("Error setgrouping, exiting.\n"); + return 4; + } + if (uid && setuid(uid) < 0) { + werror("Error setuiding, exiting.\n"); + return 4; + } } if (!debug_flag) {
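Review bot: in the first hunk (the `if (chroot_dir)` block at @@ -481,6 +481,15 @@), `chdir(chroot_dir)` followed by `chroot(chroot_dir)` only works when chroot_dir is an absolute path: after the chdir, a relative chroot_dir is resolved inside the directory just entered and the chroot fails with a misleading "Error chrooting" message. Calling `chroot(".")` after a successful chdir keeps the cd-before-chroot hardening the cover note describes while accepting either path form. Also, the new message `werror("-C can be defeated without -u, exitting.\n");` misspells "exiting" (the neighbouring messages spell it correctly), and the `if (!uid)` guard only insists that a user be supplied; it says nothing about the group, so `--chroot --user` without `--group` passes this check and reaches the second hunk with gid still 0.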
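Review bot: in the second hunk (the `if (uid || gid)` block at @@ -488,9 +497,18 @@), the guard `if (gid && setgid(gid) < 0)` skips setgid entirely when no group was given, so a process started as root with only `--user` drops its uid but keeps primary group 0 inside the jail, and no error is reported. Since the first hunk already refuses to chroot without a uid, it would be consistent to either require a gid as well or derive one (for example from the user's passwd entry) before this block. Two smaller points: the error checks on setgid/setgroups/setuid are a clear improvement over the ignored return values in the removed lines, but because the cover note says the root-can-escape behaviour may differ on other kernels, a final `getuid() != 0 && geteuid() != 0` check after `setuid(uid)` would catch a platform where the call succeeds without dropping all privilege; and it is worth a comment that `setgroups(0, NULL)` is deliberately run unconditionally, since it needs privilege and must precede the setuid to have any effect.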