Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 27 Sep 1999 15:37:39 -0500
From:      Carol Deihl <carol@tinker.com>
To:        trouble@hackfurby.com
Cc:        freebsd-security@FreeBSD.ORG, freebsd-hackers@FreeBSD.ORG
Subject:   Re: chroot could chdir? (was Re: about jail)
Message-ID:  <37EFD593.A6900748@tinker.com>
References:  <199909251302.RAA58030@grendel.sovlink.ru> <19990925171712.A80535@zenon.net> <37EEA27E.244DCF9A@tinker.com> <37F00602.96D098D3@hackfurby.com>

next in thread | previous in thread | raw e-mail | index | archive | help
Hello,

I was referring to the practice of chdir-ing
to someplace within the chrooted area right *after* doing the
chroot, before doing anything else. Otherwise, the current
working directory may be pointing to a directory *outside*
the chrooted area. Of course, if you set the current working
directory to someplace inside the chrooted area *before*
doing the chroot, that's fine too.

However, it is a danger that some programmers are not careful
(or are malicious), and neither set an appropriate current dir
before chrooting, nor afterwards. Since this allows one to
break out of a chrooted area, I'm looking for a solution to
this security problem.

Carol

TrouBle wrote:
> 
> Ummm sorry but i think you have goten this backwards it is more secure to
> chdir, then chrrot, not chroot then chdir....  I believe what you have here is
> backwards
> 
> >
> > As we all know, the chroot can be escaped because the sample
> > program doesn't change the current working directory, and it's
> > still pointing outside the chrooted area.
> >
> > What if chroot itself chdir'ed to it's new root directory? Would
> > this break existing programs? I'd expect that well-behaved
> > programs would chdir someplace useful before continuing anyway.
> >
> > At the very end of chroot(), could it just
> >         vrele(fdp->fd_cdir);
> >         fdp->fd_cdir = nd.ni_vp;
> > before it returns, setting the current dir to the same place it
> > just chrooted to?
-- 
Carol Deihl - principal, Shrier and Deihl - mailto:carol@tinker.com
Remote Unix Network Admin, Security, Internet Software Development
  Tinker Internet Services - Superior FreeBSD-based Web Hosting
                     http://www.tinker.com/


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?37EFD593.A6900748>