Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Fri, 5 Jul 2002 10:13:03 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Fri, 5 Jul 2002 10:13:02 -0400 Received: from moutvdomng1.kundenserver.de ([195.20.224.131]:57071 "EHLO moutvdomng1.kundenserver.de") by vger.kernel.org with ESMTP id ; Fri, 5 Jul 2002 10:13:00 -0400 Date: Fri, 5 Jul 2002 08:15:24 -0600 (MDT) From: Thunder from the hill X-X-Sender: thunder@hawkeye.luckynet.adm To: Shaya Potter cc: linux-kernel@vger.kernel.org Subject: Re: prevent breaking a chroot() jail? In-Reply-To: <1025877004.11004.59.camel@zaphod> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1332 Lines: 38 Hi, On 5 Jul 2002, Shaya Potter wrote: > What should I be aware of? I figure devices (no need to run mknod in > this jail) and chroot (as per man page), is there any other way of > breaking the chroot jail (at a syscall level or otherwise)? > > or is this 100% impossible? Well, since we're talking about root: - If you had saved the old root before chroot()ing, use that one. - If you have your whole disk exported via NFS, the prisoner process could use nfs to read files outside the jail - If you have access to a /dev directory, use /dev/sd?? to do the disc access - If not, use mknod("dideldei", 600, {68,1}); open("dideldei", O_SYNC); and do as you like. However, if you aren't running anything you find as root, it's relatively secure. Regards, Thunder -- (Use http://www.ebb.org/ungeek if you can't decode) ------BEGIN GEEK CODE BLOCK------ Version: 3.12 GCS/E/G/S/AT d- s++:-- a? C++$ ULAVHI++++$ P++$ L++++(+++++)$ E W-$ N--- o? K? w-- O- M V$ PS+ PE- Y- PGP+ t+ 5+ X+ R- !tv b++ DI? !D G e++++ h* r--- y- ------END GEEK CODE BLOCK------ - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/