On 5 Jul 2002, Shaya Potter wrote:
> What should I be aware of? I figure devices (no need to run mknod in
> this jail) and chroot (as per man page), is there any other way of
> breaking the chroot jail (at a syscall level or otherwise)?
>
> or is this 100% impossible?

Well, since we're talking about root:

- If you had saved the old root before chroot()ing, use that one.
- If you have your whole disk exported via NFS, the prisoner process
  could use nfs to read files outside the jail
- If you have access to a /dev directory, use /dev/sd?? to do the disc
  access
- If not, use mknod("dideldei", 600, {68,1}); open("dideldei", O_SYNC);
  and do as you like.

However, if you aren't running anything you find as root, it's relatively
secure.

Regards,
Thunder
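
An added example, not part of the original message: a small audit for the conditions the reply lists, checking whether a jailed process still runs with effective uid 0 or holds the capabilities behind chroot() and mknod(), and whether device nodes exist inside the jail tree. The function names and the sample status text are constructed for illustration; the capability bit numbers are those in `<linux/capability.h>`.

```python
import os
import stat

# Capability bit numbers from <linux/capability.h>.
RISKY_CAPS = {18: "CAP_SYS_CHROOT", 27: "CAP_MKNOD"}

# Constructed sample of /proc/<pid>/status for a root process with a full
# capability set (not captured from a real system).
SAMPLE_STATUS = "Name:\tjailed-daemon\nUid:\t0\t0\t0\t0\nCapEff:\t000001ffffffffff\n"


def parse_status(text):
    """Return (effective uid, effective capability mask) from status text."""
    euid, cap_eff = None, 0
    for line in text.splitlines():
        key, _, value = line.partition(":")
        if key == "Uid":
            euid = int(value.split()[1])  # fields: real, effective, saved, fs
        elif key == "CapEff":
            cap_eff = int(value.strip(), 16)
    return euid, cap_eff


def status_findings(text):
    """List the privileges that make the escapes in the thread possible."""
    euid, cap_eff = parse_status(text)
    findings = []
    if euid == 0:
        findings.append("effective uid is 0")
    findings += [name for bit, name in sorted(RISKY_CAPS.items())
                 if (cap_eff >> bit) & 1]
    return findings


def device_nodes(jail_root):
    """List block/char device nodes under jail_root, not following symlinks."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(jail_root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode
            if stat.S_ISBLK(mode) or stat.S_ISCHR(mode):
                hits.append(path)
    return sorted(hits)


if __name__ == "__main__":
    print(status_findings(SAMPLE_STATUS))
```

On a live system, pass the contents of `/proc/<pid>/status` for the jailed process to `status_findings()` and the jail directory to `device_nodes()`; an empty result from both matches the "not running as root" case the reply calls relatively secure.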