On 23/09/06, Michael Vasiliev <[EMAIL PROTECTED]> wrote:
Not entirely correct, if you have some privileges, namely if you are still a
root user inside a chroot padded cell, you can easily break out by moving up
a root user can just create a device file and access any device
through that, that's why you shouldn't give root access if you don't
trust the user of the chroot jail.
the tree with fchdir(open(".",O_RDONLY)), followed by a number of chdir("..")
and chrooting("."), eventually hitting the /. I think the BSD version of
Are you sure? Have you tried this? Here is what happens at the root
of a chroot'ed directory:
# ls -ldi . ..
2 drwxr-xr-x 22 root root 624 2006-06-08 17:49 .
2 drwxr-xr-x 22 root root 624 2006-06-08 17:49 ..
Same directory outside chroot:
# ls -ldi . ..
2 drwxr-xr-x 22 root root 624 2006-06-08 17:49 .
2 drwxr-xr-x 22 root root 4096 2006-08-26 10:25 ..
I.e. the chroot environment will simulate the standard practice of
"/.." == "/" (the "624" means the they are the same i-node)
--Amos
--
"Military justice is to justice what military music is to music"
=================================================================
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]
