Date: 22 Dec 1998 19:16:05 +0100
From: Dag-Erling Smorgrav <des@flood.ping.uio.no>
To: Casper <casper@acc.am>
Cc: "freebsd-security@FreeBSD.ORG" <freebsd-security@FreeBSD.ORG>
Subject: Re: About chroot
Message-ID: <xzppv9ct53u.fsf@flood.ping.uio.no>
In-Reply-To: Casper's message of "Tue, 22 Dec 1998 20:47:48 +0400"
References: <367FCD34.FE3CF78F@acc.am>

Casper <casper@acc.am> writes:
> Is there any way to change back to the / , when logged in chroot-ed
> environment?

Break root, create a device node for kmem, open it, edit your process
structure. Or something like that. Won't work unless there are
exploitable suid binaries available, but I'm sure there are other,
subtler ways.

(reminds me of how fun it is, on a Sun box, to use the monitor's Forth
interpreter to edit your shell's process structures and set the
uid/gid to 0 - assuming the sysadmin has forgotten to set a monitor
password, which happens more often than you'd think)

DES
--
Dag-Erling Smorgrav - des@flood.ping.uio.no
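
A defender-side check for the two preconditions the reply names (setuid binaries and device nodes inside the chroot tree), added here as an example and not part of the original message. The function names and the sample tree are constructed for illustration.

```python
import os
import stat
import sys
import tempfile


def audit_chroot_tree(root):
    """Return sorted (relative_path, finding) pairs for entries under root
    that could help a jailed process gain root or reach kernel memory."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # judge the entry itself, never a symlink target
            except OSError:
                continue  # entry vanished or is unreadable; skip it
            rel = os.path.relpath(path, root)
            mode = st.st_mode
            if stat.S_ISCHR(mode) or stat.S_ISBLK(mode):
                findings.append((rel, "device-node"))
            elif stat.S_ISREG(mode):
                if mode & stat.S_ISUID:
                    findings.append((rel, "setuid"))
                if mode & stat.S_ISGID:
                    findings.append((rel, "setgid"))
    return sorted(findings)


def make_sample_tree(base):
    """Build a constructed sample jail: one ordinary binary, one setuid one."""
    bindir = os.path.join(base, "bin")
    os.makedirs(bindir)
    for name, mode in (("sh", 0o755), ("su", 0o4755)):
        path = os.path.join(bindir, name)
        with open(path, "w") as fh:
            fh.write("placeholder\n")
        os.chmod(path, mode)
    return base


if __name__ == "__main__":
    # Audit the directory given on the command line, else the constructed sample.
    target = sys.argv[1] if len(sys.argv) > 1 else make_sample_tree(tempfile.mkdtemp())
    for rel, kind in audit_chroot_tree(target):
        print(f"{kind:12} {rel}")
```

An empty result means the tree contains no setuid/setgid files and no device nodes; it says nothing about other ways out of the jail.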