From: Mike Smith
To: Harold Gutch
cc: zhihuizhang, hackers
Subject: Re: Question on chroot()
Date: Sun, 15 Nov 1998 12:56:03 -0800
Message-Id: <199811152056.MAA14163@dingo.cdrom.com>
In-reply-to: Your message of "Sun, 15 Nov 1998 20:08:13 +0100." <19981115200813.B12524@foobar.franken.de>

> On Sun, Nov 15, 1998 at 09:56:32AM -0800, Mike Smith wrote:
> > Breaking out of a chroot'ed environment is less easy if you're not
> > root
> Is this meant to be read as "more or less impossible", that is,
> impossible unless the user can become root first (due to insecure
> suid-root binaries in the chroot-environment etc.), or can users
> really break out in more or less every situation (of course
> assuming stuff like that they don't have any open filehandles
> pointing to the outside in the beginning).

It's quite difficult to break out of a chroot'ed environment, yes, and
it's intended to be impossible, so obviously you can only get out
through flaws in the implementation...

-- 
\\  Sometimes you're ahead,       \\  Mike Smith
\\  sometimes you're behind.      \\  mike@smith.net.au
\\  The race is long, and in the  \\  msmith@freebsd.org
\\  end it's only with yourself.  \\  msmith@cdrom.com
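
The conditions raised in this exchange (not running as root inside the chroot, no open handles pointing outside), as an added C example that is not from the thread or from FreeBSD. `count_open_dir_fds` and `enter_jail` are hypothetical names, and the sketch assumes a POSIX system where the caller starts as root.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE /* exposes chroot() and setgroups() on glibc */
#endif
#include <fcntl.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Count open descriptors that are directories: one opened before chroot()
 * still refers to a location outside the new root. Checks fds below 65536. */
int count_open_dir_fds(void)
{
    long max = sysconf(_SC_OPEN_MAX);
    int n = 0;
    if (max < 0 || max > 65536)
        max = 65536;
    for (int fd = 0; fd < max; fd++) {
        struct stat st;
        if (fstat(fd, &st) == 0 && S_ISDIR(st.st_mode))
            n++;
    }
    return n;
}

/* Hypothetical helper: confine the process to `root`, then drop root for
 * good. Returns 0 on success, -1 on a failed precondition or system call. */
int enter_jail(const char *root, uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0)            /* must end up unprivileged */
        return -1;
    if (count_open_dir_fds() != 0)       /* a handle to the outside is open */
        return -1;
    if (chdir(root) != 0 || chroot(".") != 0)
        return -1;
    if (setgroups(1, &gid) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    return setuid(0) == 0 ? -1 : 0;      /* regaining root must fail */
}

int main(int argc, char **argv)
{
    if (argc == 4)                       /* usage: prog <root> <uid> <gid> */
        return enter_jail(argv[1], (uid_t)atoi(argv[2]), (gid_t)atoi(argv[3])) ? 1 : 0;
    printf("open directory descriptors: %d\n", count_open_dir_fds());
    return 0;
}
```

The third condition in the quoted question, suid-root binaries inside the tree, is a property of the jail's contents and has to be checked on the filesystem rather than in the process.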