Hi,

On 3/18/08, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
>
> > I also find "secure chroot implementation" in the list. IMHO, the
> > unsafety of chroot is not caused by passive translators. In fact,
> > currently chroot is implemented totally at the client side by changing the
> > INIT_PORT_CRDIR port maintained in Glibc. So, it is easy to escape
> > from chroot by bypassing the file port resolving routine of Glibc, or
> > just by modifying the CRDIR port. No need to exploit passive
> > translators at all. We should first let the file server know about and
> > control chroot before making translators aware of it.
>
> That's not true as far as I know. Of course, the process can easily
> change its own idea of what the root directory is. But that doesn't
> help escaping the chroot. To access anything outside the chroot, the
> process needs a port to the outside filesystem...
You are right. I previously tried to hack the Glibc chroot routine to preserve the original root port before changing the root, so that I could escape, but right, that is exactly what chroot takes into account and wants to prevent.

Regards,
Wei Shen