On Thu, Jun 26, 2014 at 1:37 PM, Morten Kvistgaard <m...@pch-engineering.dk> wrote: >>> ... >>> execve("proc/self/exe", ["ftpd", "-l", "/"], [/* 9 vars */]) = -1 >>> ENOENT (No such file or directory) ... >> >>This is strange. Any ideas why this fails on your machine? > > Yes, the fchdir(G.root_fd) is not enough to break the jail. (And it's not > just my machine. It's all of our Ubuntu versions and all of our uClinux > versions. Which made me assume that it was a general issue.) > > There's a nice quote, I think: Ref: http://m.oschina.net/blog/113399. (One of > the first hits on google. There're prolly better sources.) > > =========================================== > > > /* Partially break out of the chroot jail by doing an fchdir() > This only partially breaks out of the chroot() jail since whilst > our current working directory is outside the chroot jail, our > root directory is still within it. Thus anything which refers to > "/" will refer to files under the chroot point. > */ > if (fchdir(dir_fd)<0) { > fprintf(stderr, "Failed to fchdir - %s\n", > strerror(errno)); > exit(1); > }
The point is, we *do not* refer to "/". We exec "proc/self/exe", NOT "/proc/self/exe". It does work on my machine. How come it doesn't work on your machine? _______________________________________________ busybox mailing list busybox@busybox.net http://lists.busybox.net/mailman/listinfo/busybox