[I wrote]
> > mkdir("foo")
> > chroot("foo")
[H. Peter Anvin]
> BUG: you *MUST* chdir() into the chroot jail before it does you any
> good at all!
No, it wasn't a bug! It was a demonstration. The above code is
executed not by the application but by the *attacker* who has managed
to 0wn the existing jail.
Doing the additional chroot("foo") without already being in "foo"
basically replaces the chroot jail you *were* in, so you are now out.
The sequence I posted is just the simplest un-chroot procedure I know,
to explain why chroot cannot sandbox the superuser.
Peter

