From owner-freebsd-hackers  Sat Nov 21 21:41:31 1998
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id VAA02620
          for freebsd-hackers-outgoing; Sat, 21 Nov 1998 21:41:31 -0800 (PST)
          (envelope-from owner-freebsd-hackers@FreeBSD.ORG)
Received: from gatekeeper.tsc.tdk.com (gatekeeper.tsc.tdk.com [207.113.159.21])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id VAA02613
          for <freebsd-hackers@FreeBSD.ORG>; Sat, 21 Nov 1998 21:41:29 -0800 (PST)
          (envelope-from gdonl@tsc.tdk.com)
Received: from sunrise.gv.tsc.tdk.com (root@sunrise.gv.tsc.tdk.com [192.168.241.191])
	by gatekeeper.tsc.tdk.com (8.8.8/8.8.8) with ESMTP id VAA24908;
	Sat, 21 Nov 1998 21:40:34 -0800 (PST)
	(envelope-from gdonl@tsc.tdk.com)
Received: from salsa.gv.tsc.tdk.com (salsa.gv.tsc.tdk.com [192.168.241.194])
	by sunrise.gv.tsc.tdk.com (8.8.5/8.8.5) with ESMTP id VAA25791;
	Sat, 21 Nov 1998 21:40:33 -0800 (PST)
Received: (from gdonl@localhost)
	by salsa.gv.tsc.tdk.com (8.8.5/8.8.5) id VAA00380;
	Sat, 21 Nov 1998 21:40:32 -0800 (PST)
From: Don Lewis <Don.Lewis@tsc.tdk.com>
Message-Id: <199811220540.VAA00380@salsa.gv.tsc.tdk.com>
Date: Sat, 21 Nov 1998 21:40:32 -0800
In-Reply-To: Julian Elischer <julian@whistle.com>
       "Re: Question on chroot()" (Nov 17, 12:09pm)
X-Mailer: Mail User's Shell (7.2.6 alpha(3) 7/19/95)
To: Julian Elischer <julian@whistle.com>, Eivind Eklund <eivind@yes.no>
Subject: Re: Question on chroot()
Cc: Mike Smith <mike@smith.net.au>, Harold Gutch <logix@foobar.franken.de>,
        zhihuizhang <bf20761@binghamton.edu>,
        hackers <freebsd-hackers@FreeBSD.ORG>
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Nov 17, 12:09pm, Julian Elischer wrote:
} Subject: Re: Question on chroot()

} > I'm not sure if you need the fchdir(); chroot() is not supposed to
} > affect your current directory.  I don't think anybody has fixed the
} > above problem; it seems quite difficult to fix (you have to know which
} > FDs are inside and outside the jail, which is non-trivial).
} 
} You can test all fds that are directories to see if they are outside the
} chroot, and fail the chroot if there are any such.
} However it doesn't help because you can fork, open a unix domain socket,
} and have the child do the chroot and then have the parent send it
} an fd that would have made the chroot fail.

Another way to break out is to fork(), then in one process chroot() to a
subdirectory and chdir() to a subdirectory of the new chroot directory, and
then in the other process rename the second subdirectory out from under
the chroot directory.

			---  Truck

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message