[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Chroot jail



On Thu, Oct 11, 2001 at 01:12:13AM +0200, Nadav Har'El wrote:
> On Thu, Oct 11, 2001, Tzafrir Cohen wrote about "Re: Chroot jail":
> > If you assume that the chroot-ed user can become root, and he either has a
> > compiler or a binary of "chroot" then he can also break out of the chroot
> > jail, and become root of the whole system.
> 
> No, of course not!
> If that were true chroot would have been completely worthless... chroot
> *was* meant to limit a process with superuser privileges!

man 2 chroot says:
In particular, the super-user can escape from a `chroot  jail'
by doing `mkdir foo; chroot foo; cd ..'.

Anyway, being root, one can mknod the hda and kmem devices, effectively
being able to mount the hard drive and do whatever he pleases. One way
to prevent it would be with POSIX capabilities (there's a CAP_MKNOD
capability, according to <linux/capabilities.h>).

=================================================================
To unsubscribe, send mail to linux-il-request@linux.org.il with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail linux-il-request@linux.org.il