Paul Boddie wrote:
>
[chroot "jail" solutions]
> I don't have the details with me now, but I'll probably upload the
> code in the near future and post some kind of explanation of what it
> does here.
I've now uploaded the code to the Python Package Index:
http://www.python.org/pypi/jailtools
I
> To launch a child process in a chroot you can easily just fork and
> then make the chroot syscall in the child process immediately after
> the fork.
It's not so easy. On Linux, you need to have the CAP_SYS_CHROOT
capability to invoke the syscall; on other systems, you may have
to be root.
Regar
On 6/25/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> On Jun 25, 11:58 am, Paul Boddie <[EMAIL PROTECTED]> wrote:
> > On 25 Jun, 16:48, "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> wrote:
> >
> >
> >
> > > I followed up with my ISP. Here's the answer I got:
> >
> > > The os.exec call prepends the
On Jun 25, 11:58 am, Paul Boddie <[EMAIL PROTECTED]> wrote:
> On 25 Jun, 16:48, "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> wrote:
>
>
>
> > I followed up with my ISP. Here's the answer I got:
>
> > The os.exec call prepends the chroot directory to the absolute path,
> > but does NOT provide chroot fo
On Jun 25, 4:12 pm, Bjoern Schliessmann wrote:
> [EMAIL PROTECTED] wrote:
> > I followed up with my ISP. Here's the answer I got:
>
> > The os.exec call prepends the chroot directory to the absolute
> > path, but does NOT provide chroot for the child process.
>
> That sounds like rubbish to me. I
> The os.exec call prepends the chroot directory to the absolute path,
> but does NOT provide chroot for the child process. However, as long
> as the environment is maintained, which contains an LD_PRELOAD, the
> "chroot" will also be maintained. If LD_PRELOAD is removed or
> ignored, then the c
> This was my thought too. I just figured there was something special
> about this command that brought one to the "real" Python intrepreter
> and then to the real "/bin/sh". That's odd, my ISP seem adament that
> this is a way to break out. I'll just have to put in the work to test
> to locally
[EMAIL PROTECTED] wrote:
> I followed up with my ISP. Here's the answer I got:
>
> The os.exec call prepends the chroot directory to the absolute
> path, but does NOT provide chroot for the child process.
That sounds like rubbish to me. If it worked like that, chrooting
servers would be virtu
On 25 Jun, 16:48, "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> wrote:
>
> I followed up with my ISP. Here's the answer I got:
>
> The os.exec call prepends the chroot directory to the absolute path,
> but does NOT provide chroot for the child process. However, as long
> as the environment is maintaine
On 2007-06-25, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> On Jun 25, 1:43 am, "Martin v. Löwis" <[EMAIL PROTECTED]> wrote:
>> [EMAIL PROTECTED] schrieb:
>>
>> > This wiki page suggests using a chroot jail to sandbox Python, but
>> > wouldn't running something like this in your sandboxed Python
[EMAIL PROTECTED] wrote:
> On Jun 25, 1:43 am, "Martin v. Löwis" <[EMAIL PROTECTED]> wrote:
>> [EMAIL PROTECTED] schrieb:
>>
>>> This wiki page suggests using a chroot jail to sandbox Python, but
>>> wouldn't running something like this in your sandboxed Python instance
>>> still break you out of t
On Jun 25, 1:43 am, "Martin v. Löwis" <[EMAIL PROTECTED]> wrote:
> [EMAIL PROTECTED] schrieb:
>
> > This wiki page suggests using a chroot jail to sandbox Python, but
> > wouldn't running something like this in your sandboxed Python instance
> > still break you out of the chroot jail:
>
> > os.exe
[EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> On Jun 25, 1:43 am, "Martin v. Löwis" <[EMAIL PROTECTED]> wrote:
> > You have to define your threat model. If the threat to prevent is
> > a malicious user getting at your data, or spreading a virus
> > through your files, then chroot is perfectly ade
On Jun 25, 1:43 am, "Martin v. Löwis" <[EMAIL PROTECTED]> wrote:
> [EMAIL PROTECTED] schrieb:
>
> > This wiki page suggests using a chroot jail to sandbox Python, but
> > wouldn't running something like this in your sandboxed Python instance
> > still break you out of the chroot jail:
>
> > os.exe
[EMAIL PROTECTED] schrieb:
> This wiki page suggests using a chroot jail to sandbox Python, but
> wouldn't running something like this in your sandboxed Python instance
> still break you out of the chroot jail:
>
> os.execle ('/usr/bin/python','-c','import os; os.execlp("/bin/sh")',
> {})
Depend
On Jun 25, 1:21 am, "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>
wrote:
> This wiki page suggests using a chroot jail to sandbox Python, but
> wouldn't running something like this in your sandboxed Python instance
> still break you out of the chroot jail:
>
> os.execle ('/usr/bin/python','-c','import o
This wiki page suggests using a chroot jail to sandbox Python, but
wouldn't running something like this in your sandboxed Python instance
still break you out of the chroot jail:
os.execle ('/usr/bin/python','-c','import os; os.execlp("/bin/sh")',
{})
or maybe:
del os.environ['LD_PRELOAD']
os.
17 matches
Mail list logo
