[Apologies to those who aren't interested in development environment topics.]
On Tue, 15 Jan 2013, Shad L. Lords wrote: > On Tue, Jan 15, 2013 at 11:07 AM, Charlie Brady < > [email protected]> wrote: > > > > Do you have any article or webpage that shows that root can break > > > out of a mock chroot? If so I'd be interested. > > > > Google is your friend: "root can break out of chroot". I don't think that > > "mock chroot" makes any difference. > > You were the one that suggested there might be an issue. "mock chroot" is just a subset of choot. root can break out of any chroot, including one created by 'mock'. Here's how to do it using perl: http://pentestmonkey.net/blog/chroot-breakout-perl > I've researched running root in the chroot. There is "talk" that it can > happen but I've yet to see someone come up with an example of escaping a > mock chroot unless it involves writing a malicious pre/post script in an > rpm that is being installed into that chroot. > > I ask again. Do you have any proof/articles that show that root can escape > the chroot Root can escape any chroot. http://kerneltrap.org/Linux/Abusing_chroot > or just have the "talk" that it can? No I don't. I haven't studied "mock", and don't use it. I don't follow those discussions. I'm prepared to accept (for the sake of argument) that mock is safe for allowing non-root users to build rpm packages as non-root user. I don't accept that anaconda tools can be run as root to install anaconda in a 'mock' created chroot, without risk of breakout. I notice a project has recently been created to do a risk assessment on mock chroot. I see no progress yet on that project. This is enough surely to say that this is an open question. http://zenit.senecac.on.ca/wiki/index.php/Mock_chroot-break/Privilege_Escalation_Risk_Assessment _______________________________________________ Discussion about project organisation and overall direction To unsubscribe, e-mail [email protected] Searchable archive at http://lists.contribs.org/mailman/public/discussion/
