Re: Chroot jail
On Thu, Oct 11, 2001, Tzafrir Cohen wrote about "Re: Chroot jail":
> If you assume that the chroot-ed user can become root, and he either has a
> compiler or a binary of "chroot" then he can also break out of the chroot
> jail, and become root of the whole system.

No, of course not!

If that were true chroot would have been completely worthless... chroot
*was* meant to limit a process with superuser privileges!

chroot(2) takes as a parameter a filename. A filename relative to the
*current* root directory. You can't do chroot(".."), and chroot("/")
simply does nothing (it uses the current directory). As far as I know
there is no fchroot(2) system call in Linux, but just in case: make sure
you're not passing any open file descriptors to the chrooted shell that
refer to files outside the jail.

P.S. if you use chroot(2), not chroot(1), don't forget to chdir(2) too!
Otherwise, escaping is easy (see chroot(2)).

--
Nadav Har'El | Thursday, Oct 11 2001, 24 Tishri 5762
nyh@math.technion.ac.il |-----------------------------------------
Phone: +972-53-245868, ICQ 13349191 |Creativity consists of coming up with
http://nadav.harel.org.il |many ideas, not just that one great idea.
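
Added example (not part of the original message or thread): a C sketch of entering a jail with the two precautions mentioned above, closing inherited file descriptors and calling chdir(2) around chroot(2). The names close_fds_from and enter_jail are hypothetical; it assumes Linux with /proc mounted, a jail directory given on the command line, and a /bin/sh present inside that jail.

```c
#define _DEFAULT_SOURCE 1   /* glibc: expose chroot(2) and dirfd(3) */
#include <dirent.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Close every descriptor >= lowfd so the jailed program inherits nothing that
 * refers outside the jail. Returns the count closed, or -1 without /proc. */
int close_fds_from(int lowfd)
{
    DIR *d = opendir("/proc/self/fd");   /* Linux-specific fd listing */
    if (d == NULL)
        return -1;
    int closed = 0;
    struct dirent *e;
    while ((e = readdir(d)) != NULL) {
        char *end;
        long fd = strtol(e->d_name, &end, 10);
        if (end == e->d_name || *end != '\0' || fd < lowfd || fd == dirfd(d))
            continue;   /* ".", "..", stdio, and the listing's own fd */
        if (close((int)fd) == 0)
            closed++;
    }
    closedir(d);
    return closed;
}

/* Close descriptors first (/proc is normally absent inside the jail), then
 * chdir(2), chroot(2), chdir("/") so the working directory ends up inside
 * the new root. Returns 0 on success, -1 with errno set on failure. */
int enter_jail(const char *jail)
{
    return (close_fds_from(3) < 0 || chdir(jail) != 0 ||
            chroot(".") != 0 || chdir("/") != 0) ? -1 : 0;
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s JAIL_DIR\n", argv[0]);
        return 2;
    }
    if (enter_jail(argv[1]) != 0) {
        perror("enter_jail");
        return 1;
    }
    execl("/bin/sh", "sh", (char *)NULL);   /* path resolved inside the jail */
    perror("execl");
    return 1;
}
```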