From owner-freebsd-security Sun Sep 26 15:48:27 1999 Delivered-To: freebsd-security@freebsd.org Received: from tinker.com (troll.tinker.com [204.214.7.146]) by hub.freebsd.org (Postfix) with ESMTP id EE3F414C44; Sun, 26 Sep 1999 15:48:17 -0700 (PDT) (envelope-from carol@tinker.com) Received: by localhost (8.8.5/8.8.5) Received: by mail.tinker.com via smap (V2.0) id xma008455; Sun Sep 26 17:25:55 1999 Received: by localhost (8.8.8/8.8.8) id RAA19535; Sun, 26 Sep 1999 17:48:03 -0500 (CDT) Message-ID: <37EEA27E.244DCF9A@tinker.com> Date: Sun, 26 Sep 1999 17:47:26 -0500 From: Carol Deihl Organization: Shrier and Deihl X-Mailer: Mozilla 4.5 [en] (X11; U; FreeBSD 2.2.8-RELEASE i386) X-Accept-Language: en MIME-Version: 1.0 To: freebsd-security@FreeBSD.ORG, freebsd-hackers@FreeBSD.ORG Subject: chroot could chdir? (was Re: about jail) References: <199909251302.RAA58030@grendel.sovlink.ru> <19990925171712.A80535@zenon.net> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Alexander Bezroutchko wrote: > it is possible to escape from jail > Following program escapes from jail (tested under 4.0-19990918-CURRENT): [snip program code that chroot's but doesn't then chdir inside the new area] As we all know, the chroot can be escaped because the sample program doesn't change the current working directory, and it's still pointing outside the chrooted area. What if chroot itself chdir'ed to it's new root directory? Would this break existing programs? I'd expect that well-behaved programs would chdir someplace useful before continuing anyway. At the very end of chroot(), could it just vrele(fdp->fd_cdir); fdp->fd_cdir = nd.ni_vp; before it returns, setting the current dir to the same place it just chrooted to? Carol -- Carol Deihl - principal, Shrier and Deihl - mailto:carol@tinker.com Remote Unix Network Admin, Security, Internet Software Development Tinker Internet Services - Superior FreeBSD-based Web Hosting http://www.tinker.com/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message