On Sun, Jun 8, 2014 at 2:24 AM, Janne Johansson <icepic...@gmail.com> wrote: > I don't think there is a word for "chroot back".
I don't think you read, understood, and executed the sample. After chroot("/"), or chroot(FOO), you can't mknod(2), therefore the description is wrong. Once you limit yourself > into a chroot, you are stuck in it and get special treatment until you > exit. Apart from why mknod wants to fail inside chroots, having a simple > syscall being able to take you out of it would defeat the whole purpose, no? > > > > 2014-06-08 4:36 GMT+02:00 Andres Perera <andre...@zoho.com>: > >> The description of EINVAL in mknod(2) is wrong: >> >> [EINVAL] The process is running within an alternate root >> directory, as created by chroot(2). >> >> Even if a process chroot()s back to /, it can't create a device node. >> >> The program below exits with EINVAL: >> >> #include <sys/stat.h> >> #include <unistd.h> >> >> int main() { >> chroot("/"); >> if (mknod("/t", 0x21b6, 0x1600) == -1) /* stdin amd64 */ >> err(1, "mknod"); >> } >> >> On Sat, Jun 7, 2014 at 2:42 PM, Miod Vallat <m...@online.fr> wrote: >> >> >> Is this some kind of security protection ? >> >> > >> >> > of course... see mknod(2). >> >> >> >> i read it and still does not understand. >> > >> > Check the description of EINVAL. >> >> > > > -- > May the most significant bit of your life be positive.