[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Exploit (t666.c) breaking chroot()
http://www.ussrback.com/archives/linux-exploits/T666.C
This exploit for the latest Bind holes (hope you
all upgraded to P5 already) promises to break chroot().
As I know, chroot shouldn't be returnable from by anyone.
In many cases chroot is treated as a major security feature
(think of linuxconf demo site, when they run their demo
linuxconf from a chroot()ed environment) and many docs
suggest running named chrooted.
So how come it can be skipped?
--
Best regards,
Ilya Konstantinov a.k.a Toastie
[http://toast.demon.co.il]
=================================================================
To unsubscribe, send mail to linux-il-request@linux.org.il with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail linux-il-request@linux.org.il