From owner-freebsd-hackers Sun Sep 26 17: 1:56 1999 Delivered-To: freebsd-hackers@freebsd.org Received: from alpo.whistle.com (alpo.whistle.com [207.76.204.38]) by hub.freebsd.org (Postfix) with ESMTP id 1CC0114F89; Sun, 26 Sep 1999 17:01:51 -0700 (PDT) (envelope-from julian@whistle.com) Received: from home.elischer.org (home.elischer.org [207.76.204.203]) by alpo.whistle.com (8.9.1a/8.9.1) with ESMTP id RAA92968; Sun, 26 Sep 1999 17:01:35 -0700 (PDT) Date: Sun, 26 Sep 1999 17:01:35 -0700 (PDT) From: Julian Elischer X-Sender: julian@home.elischer.org To: Carol Deihl Cc: freebsd-security@FreeBSD.ORG, freebsd-hackers@FreeBSD.ORG Subject: Re: chroot could chdir? (was Re: about jail) In-Reply-To: <37EEA27E.244DCF9A@tinker.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG You have to examine ALL fd's in case one has a directory open that is outside the chroot.. (see man fchdir(2)) julian On Sun, 26 Sep 1999, Carol Deihl wrote: > Alexander Bezroutchko wrote: > > it is possible to escape from jail > > Following program escapes from jail (tested under 4.0-19990918-CURRENT): > [snip program code that chroot's but doesn't then chdir inside > the new area] > > As we all know, the chroot can be escaped because the sample > program doesn't change the current working directory, and it's > still pointing outside the chrooted area. > > What if chroot itself chdir'ed to it's new root directory? Would > this break existing programs? I'd expect that well-behaved > programs would chdir someplace useful before continuing anyway. > > At the very end of chroot(), could it just > vrele(fdp->fd_cdir); > fdp->fd_cdir = nd.ni_vp; > before it returns, setting the current dir to the same place it > just chrooted to? > > Carol > -- > Carol Deihl - principal, Shrier and Deihl - mailto:carol@tinker.com > Remote Unix Network Admin, Security, Internet Software Development > Tinker Internet Services - Superior FreeBSD-based Web Hosting > http://www.tinker.com/ > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-hackers" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message