Comment by geocar
14 days ago
If the attacker can control newroot/etc/passwd they _still_ get getpwnam to return whatever userid they want. The solution is to not lookup --userspec=username:group inside the chrooted-space, but from outside.
Also, hi how's things? :)
hi! good, how are you doing?
great. still enjoying the algarve working on my secret projects in the sun.
you able to find a reason to come visit? or am i going to have to come to blighty so we can hang out?