Date: Fri, 1 Nov 1996 23:04:02 -0800
From: Don Lewis <Don.Lewis@tsc.tdk.com>
To: Marc Slemko <marcs@znep.com>, Don Lewis <Don.Lewis@tsc.tdk.com>
Cc: Dev Chanchani <dev@trifecta.com>, freebsd-security@freebsd.org
Subject: Re: chroot() security
Message-ID: <199611020704.XAA08490@salsa.gv.ssi1.com>
In-Reply-To: Marc Slemko <marcs@znep.com> "Re: chroot() security" (Nov 1, 11:38pm)

On Nov 1, 11:38pm, Marc Slemko wrote:
} Subject: Re: chroot() security
}
} A trivial solution would be to modify the kernel chroot routine to change
} the current directory to something inside the chrooted directory, however
} that solution is too trivial in that it would break some existing programs
} and I'm not sure it would help anything because I would suggest that many
} of the data structures involved could perhaps be manipulated using some
} other method.

This doesn't really help.  A trivial way to break out would be for the
process to fork(); the parent process could then chroot() to a
subdirectory of its root directory, then chdir() to a subdirectory of
its new root directory.  The child process could wait for the parent to
arrive at its new current directory, then rename() that directory to
another location outside the tree under the parent's root directory.
The parent can then walk up the tree to the real root, and then execute
chroot() when it gets there.

			---  Truck