Date: Wed, 28 May 1997 22:06:42 -0600 From: Warner Losh <imp@village.org> To: Peter Korsten <peter@grendel.IAEhv.nl> Cc: Jaye Mathisen <mrcpu@cdsnet.net>, hackers@freebsd.org Subject: Re: Correct way to chroot for shell account users? Message-ID: <E0wWwU6-000283-00@rover.village.org> In-Reply-To: Your message of "Mon, 26 May 1997 23:30:13 %2B0200." <19970526233013.13944@hw.nl> References: <19970526233013.13944@hw.nl> <Pine.NEB.3.95.970525144745.28807A-100000@mail.cdsnet.net>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <19970526233013.13944@hw.nl> Peter Korsten writes: : I don't think you can build a real shell (like sh or csh) and have : it run safely inside a chroot environment. Someone (as a matter of : fact, the FreeBSD security officer :) ) showed me how to break out : of a chroot environment with a simple 'ln' or something like that. chroot jails are trivial to break out of for any root user that can run a binary. I didn't know you could do it with a simple ln command, however. And fixing the chroot jail is very very very hard. You can get some of the easy holes, but the harder ones are just insane. Heck, OpenBSD hasn't fixed them yet because they are so hard. It goes back to wanting to have a safe ring system of security and chroot is a simple hack for that :-(. Warner
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?E0wWwU6-000283-00>