From owner-freebsd-hackers Mon Jul 27 16:18:02 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id QAA04417 for freebsd-hackers-outgoing; Mon, 27 Jul 1998 16:18:02 -0700 (PDT) (envelope-from owner-freebsd-hackers@FreeBSD.ORG) Received: from smtp03.primenet.com (daemon@smtp03.primenet.com [206.165.6.133]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id QAA04359 for ; Mon, 27 Jul 1998 16:17:35 -0700 (PDT) (envelope-from tlambert@usr05.primenet.com) Received: (from daemon@localhost) by smtp03.primenet.com (8.8.8/8.8.8) id QAA05568; Mon, 27 Jul 1998 16:17:04 -0700 (MST) Received: from usr05.primenet.com(206.165.6.205) via SMTP by smtp03.primenet.com, id smtpd005451; Mon Jul 27 16:16:53 1998 Received: (from tlambert@localhost) by usr05.primenet.com (8.8.5/8.8.5) id QAA04693; Mon, 27 Jul 1998 16:16:51 -0700 (MST) From: Terry Lambert Message-Id: <199807272316.QAA04693@usr05.primenet.com> Subject: Re: inetd enhancements To: n@nectar.com (Jacques Vidrine) Date: Mon, 27 Jul 1998 23:16:51 +0000 (GMT) Cc: tlambert@primenet.com, hackers@FreeBSD.ORG In-Reply-To: from "Jacques Vidrine" at Jul 27, 98 04:46:44 pm X-Mailer: ELM [version 2.4 PL25] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG > > Root can escape > > a chroot jail because of the way the chroot root vnode is (in my > > opinion) incorrectly set to NULL instead of the real root for the > > non-chroot case (fixing this would incidently simplify the namei code). > > > > The "ftpd" case is especially vulnerable... > > I don't follow. Could you give an example scenario of an exploit? I spared the list my code for doing this, sending it only to the questioner. Thank you, Terry. Terry Lambert terry@lambert.org --- Any opinions in this posting are my own and not those of my present or previous employers. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message