9

I was reading description about setuid on wikipedia http://en.wikipedia.org/wiki/Setuid

I was unable to understand how chroot is related to setuid as mention in following paragraph from wikipedia

The presence of setuid executables explains why the chroot system call is not available to non-root users on Unix. See limitations of chroot for more details.

MadHatter
  • 78,442
  • 20
  • 178
  • 229
Mr Coder
  • 195
  • 1
  • 8

1 Answers1

12

If a non-privileged user could execute a setuid program in a chroot jail, they could carefully construct that jail to trick the program into escalating privileges. For example, I can construct a chroot jail in which I'm permitted to use sudo, because I can control every configuration file inside that jail.

MadHatter
  • 78,442
  • 20
  • 178
  • 229
David Schwartz
  • 31,215
  • 2
  • 53
  • 82
  • I still totally think that the expression on the wikipedia page could be rewritten to actually express this. – Florin Asăvoaie Apr 17 '14 at 07:51
  • The [limitations section of the article on chroot](http://en.wikipedia.org/wiki/Chroot#Limitations) goes into more detail, as the excerpt says. – David Schwartz Apr 17 '14 at 07:52
  • 8
    @FlorinAsavoaie: The nice thing on wikipedia is that if you think "it could be written this and that", you are entitled to do so :) – phresnel Apr 17 '14 at 12:20