Anton Piatek <[EMAIL PROTECTED]> writes:

> I have an amd64 install of debian with a 32bit chroot for a couple of
> apps. This works great, but I have a question.
>
> Is it possible to have an application inside the 32bit chroot launch
> an application on my main 64 bit system? (e.g. a photo browsing
> program in the 32bit chroot launching gimp, which is installed in my
> main 64 bit system). I currently launch my 32bit programs with
> schroot and am hoping I can set something to make specific programs
> outside the chroot available...
>
> I cannot think of how this can be achieved, so any ideas are
> welcomed.
root can break out of a chroot environment, so if you wrote a small
program to break out of the chroot, switch back to the original user,
then run another program, it would do roughly what you're asking for.
It might also completely destroy security on your system, so if I were
you I would think a lot harder than I have before doing that.

Here's a program that seems to work for me. In the 10 minutes I've been
thinking about it, I haven't found any glaring security problems, apart
from allowing any user on the system to break out of a chroot.

#include <sys/types.h>
#include <sys/stat.h>
#include <unistd.h>
#include <stdio.h>
#include <stdlib.h>

static void die(const char *why)
{
    perror(why);
    exit(1);
}

int main(int argc, char *argv[])
{
    struct stat st, last_st;
    int i;

    if (argc < 2) {
        fprintf(stderr, "usage: %s program [args...]\n", argv[0]);
        exit(1);
    }

    /* chroot() does not change the working directory, so after this
     * call "." still lies outside the new root and we can walk up. */
    if (chroot("/tmp") == -1)
        die("chroot failed");
    if (stat(".", &st) == -1)
        die("stat . failed");
    if (stat("..", &last_st) == -1)
        die("stat .. failed");

    /* Climb until "." and ".." are the same inode: the real root. */
    while (st.st_dev != last_st.st_dev || st.st_ino != last_st.st_ino) {
        if (chdir("..") == -1)
            die("chdir failed");
        st = last_st;
        if (stat("..", &last_st) == -1)
            die("stat .. failed");
    }
    if (chroot(".") == -1)
        die("chroot failed");

    /* Drop root back to the invoking user before exec'ing anything;
     * never continue if the privileges could not be dropped. */
    if (setreuid(getuid(), getuid()) == -1)
        die("setreuid failed");

    /* Shift arguments over 1 to make room for NULL. */
    for (i = 0; i < argc - 1; i++)
        argv[i] = argv[i + 1];
    argv[argc - 1] = NULL;

    execvp(argv[0], argv);
    die("exec failed");
}