From owner-freebsd-questions  Mon Apr 16 14:53:15 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from mail.XtremeDev.com (xtremedev.com [216.241.38.65])
	by hub.freebsd.org (Postfix) with ESMTP id ED74D37B43C
	for <freebsd-questions@FreeBSD.ORG>; Mon, 16 Apr 2001 14:53:10 -0700 (PDT)
	(envelope-from freebsd@XtremeDev.com)
Received: by mail.XtremeDev.com (Postfix, from userid 1007)
	id 400F613648; Mon, 16 Apr 2001 15:53:09 -0600 (MDT)
Received: from localhost (localhost [127.0.0.1])
	by mail.XtremeDev.com (Postfix) with ESMTP
	id 2A5B3D957; Mon, 16 Apr 2001 15:53:09 -0600 (MDT)
Date: Mon, 16 Apr 2001 15:53:08 -0600 (MDT)
From: FreeBSD <freebsd@XtremeDev.com>
To: Roelof Osinga <roelof@nisser.com>
Cc: Odhiambo Washington <wash@wananchi.com>,
	FBSD-Q <freebsd-questions@FreeBSD.ORG>
Subject: Re: Starting JAIL
In-Reply-To: <3ADB6418.D9B96B6F@nisser.com>
Message-ID: <20010416154914.H79383-100000@Amber.XtremeDev.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Mon, 16 Apr 2001, Roelof Osinga wrote:
> You don't. Jail it might be, but it's still chroot() based (granted,
> I'll be whipped horribly if tell it wrong... but, hey! You only live
> once ;) and chroot's can be broken out of. Especially when you hand
> them a shell.

I'm curious as to how a user can break out of a FreeBSD chroot. According
to http://docs.freebsd.org/44doc/papers/jail/jail-6.html#section8, three
three classes of chroot attacks were countered in FreeBSD. Are there other
ways to break out of chroot than those mentioned?


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message