From owner-freebsd-hackers  Thu May 29 12:55:37 1997
Return-Path: <owner-hackers>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id MAA05429
          for hackers-outgoing; Thu, 29 May 1997 12:55:37 -0700 (PDT)
Received: from alpo.whistle.com (alpo.whistle.com [207.76.204.38])
          by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id MAA05420
          for <hackers@FreeBSD.ORG>; Thu, 29 May 1997 12:55:32 -0700 (PDT)
Received: (from daemon@localhost)
	by alpo.whistle.com (8.8.5/8.8.5) id MAA24184;
	Thu, 29 May 1997 12:50:16 -0700 (PDT)
Received: from current1.whistle.com(207.76.205.22)
 via SMTP by alpo.whistle.com, id smtpd024162; Thu May 29 19:50:10 1997
Message-ID: <338DDDC8.794BDF32@whistle.com>
Date: Thu, 29 May 1997 12:49:28 -0700
From: Julian Elischer <julian@whistle.com>
Organization: Whistle Communications
X-Mailer: Mozilla 3.0Gold (X11; I; FreeBSD 2.2-CURRENT i386)
MIME-Version: 1.0
To: Warner Losh <imp@village.org>
CC: Terry Lambert <terry@lambert.org>, dec@phoenix.its.rpi.edu,
        peter@grendel.IAEhv.nl, mrcpu@cdsnet.net, hackers@FreeBSD.ORG
Subject: Re: Correct way to chroot for shell account users?
References: <199705291712.KAA03731@phaeton.artisoft.com> <E0wX9v2-0002xM-00@rover.village.org>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-hackers@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

Warner Losh wrote:

> 
> That would likely be the simplest and safest fix.  That would make
> chroot jails safer.  I don't know if that would fix the jailbreak
> problems completely, but it would be a start.  Another "fix" would be
> to disallow chroot when your root directory is "/" (absolute).
> 

It is relatively easy and cheap to check if any given directory
is within your chroot hierarchy.

if ( you are chrooted ) {
	search backwards towards / for either the real root 
	or the chroot'd root
	if you find the chroot root, return YES
}
return NO

remember that most directoried between an active directory and /
are probably in a cache somewhere. (name or otherwise)
and the test only does expensive work when there SI a chroot directory
so for 99.9% or processes it's not done. (except on anon ftp servers).

this is basically the code in getcwd() with a twist.

julian