Date: Sun, 26 Sep 1999 17:47:26 -0500 From: Carol Deihl <carol@tinker.com> To: freebsd-security@FreeBSD.ORG, freebsd-hackers@FreeBSD.ORG Subject: chroot could chdir? (was Re: about jail) Message-ID: <37EEA27E.244DCF9A@tinker.com> References: <199909251302.RAA58030@grendel.sovlink.ru> <19990925171712.A80535@zenon.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Alexander Bezroutchko wrote:
> it is possible to escape from jail
> Following program escapes from jail (tested under 4.0-19990918-CURRENT):
[snip program code that chroot's but doesn't then chdir inside
the new area]
As we all know, the chroot can be escaped because the sample
program doesn't change the current working directory, and it's
still pointing outside the chrooted area.
What if chroot itself chdir'ed to it's new root directory? Would
this break existing programs? I'd expect that well-behaved
programs would chdir someplace useful before continuing anyway.
At the very end of chroot(), could it just
vrele(fdp->fd_cdir);
fdp->fd_cdir = nd.ni_vp;
before it returns, setting the current dir to the same place it
just chrooted to?
Carol
--
Carol Deihl - principal, Shrier and Deihl - mailto:carol@tinker.com
Remote Unix Network Admin, Security, Internet Software Development
Tinker Internet Services - Superior FreeBSD-based Web Hosting
http://www.tinker.com/
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?37EEA27E.244DCF9A>