On 2008-10-24 21:18, Chris Wilson wrote:
> On Fri, 24 Oct 2008, Damien Miller wrote:
>> No, letting users chroot to arbitrary directories introduces
>> serious security problems. Think about hard-linking /bin/su into
>> a chroot on the same filesystem where an attacker has filled in
>> a friendly /etc/passwd.

> I thought that the suid bit was a property of the directory entry, not the
> inode? On what platforms is the suid bit a property of the inode, which
> would make this exploit possible?

All of them.

The only properties in a directory entry are a name, entry type (regular
file, directory, block device, etc.), and an inode number.

Jefferson Ogata
NOAA Computer Incident Response Team (N-CIRT)
"Never try to retrieve anything from a bear."--National Park Service
openssh-unix-dev mailing list