Date: Sat, 2 Nov 1996 15:50:45 +1030 (CST)
From: Michael Smith <msmith@atrad.adelaide.edu.au>
To: dev@trifecta.com (Dev Chanchani)
Cc: marcs@znep.com, freebsd-security@FreeBSD.org
Subject: Re: chroot() security
Message-ID: <199611020520.PAA06652@genesis.atrad.adelaide.edu.au>
In-Reply-To: <Pine.BSF.3.91.961101200316.8137A-100000@www.trifecta.com> from "Dev Chanchani" at Nov 1, 96 08:04:43 pm

Dev Chanchani stands accused of saying:
>
> Basically, how can someone get out of a chroot()'ed environment if they
> get root? Can they access the filesystem outside their chroot()'ed
> directory? I know they can place their own binaries and begin to sniff,
> etc, but can they easily get out of their environment? Also, can a user
> access the inode table or does the kernel only access the inode table?

Depending on how the filesystem they're in is mounted, one quick way out
is to make some device nodes that reference the system's disks (remember,
a little bit of redirection sleight-of-hand and they can upload any binary
they like). Alternatively, they can make themselves a nuisance by shooting
down other processes, rebooting the machine, you name it.

--
]] Mike Smith, Software Engineer        msmith@gsoft.com.au             [[
]] Genesis Software                     genesis@gsoft.com.au            [[
]] High-speed data acquisition and      (GSM mobile)     0411-222-496   [[
]] realtime instrument control.         (ph)          +61-8-8267-3493   [[
]] Unix hardware collector.             "Where are your PEZ?" The Tick  [[
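
A defender-side check for the point made in the reply above, as an added example that is not part of the original message: it reports whether the filesystem holding a chroot directory carries the `nodev` mount option and lists any device nodes already present in the tree. The function names, the fstab-style input format and the sample lines are assumptions made for this example.

```python
import os
import stat

def covering_mount(path, fstab_lines):
    """Return (mount_point, options) for the longest mount point containing path."""
    path = os.path.normpath(path)
    best = None
    for line in fstab_lines:
        fields = line.split()
        if len(fields) < 4 or fields[0].startswith("#"):
            continue  # blank, comment or malformed line
        mnt, opts = os.path.normpath(fields[1]), set(fields[3].split(","))
        inside = mnt == "/" or path == mnt or path.startswith(mnt + os.sep)
        if inside and (best is None or len(mnt) > len(best[0])):
            best = (mnt, opts)
    return best

def classify(mode):
    """Label an st_mode that is a device node, else return None."""
    if stat.S_ISBLK(mode):
        return "block-device"
    if stat.S_ISCHR(mode):
        return "char-device"
    return None

def scan_tree(root):
    """Walk root without following symlinks; return [(path, label)] for device nodes."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            try:
                label = classify(os.lstat(full).st_mode)
            except OSError:
                continue  # entry vanished or is unreadable
            if label:
                findings.append((full, label))
    return findings

def audit(root, fstab_lines):
    """Summarise mount options and existing device nodes for a chroot directory."""
    mount = covering_mount(root, fstab_lines)
    return {"mount_point": mount[0] if mount else None,
            "nodev": bool(mount and "nodev" in mount[1]),
            "findings": scan_tree(root)}

# Constructed fstab-style sample (device, mount point, type, options), not from a real host.
SAMPLE_FSTAB = ["/dev/sd0a / ufs rw 1 1",
                "/dev/sd0e /usr ufs rw 1 1",
                "/dev/sd0f /jail ufs rw,nodev,nosuid 2 2"]
```

Device nodes that the confined service legitimately needs will also appear in the findings, so the list is for review rather than automatic removal.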