On 01/08/2012, pancake <panc...@youterm.com> wrote:
> That is vulnerable on linux. Proper use is:
>
> chdir (path); chroot(".");
Ah, sorry.
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/chroot.8 Wed Aug 01 05:09:36 2012 -0500
@@ -0,0 +1,25 @@
+.TH CHROOT 8
+.SH NAME
+chroot \- change root directory
+.SH SYNOPSIS
+.B chroot
+.I path
+[
+.I x
+[
+.I argument ...
+]
+]
+.SH OPERATION
+.B chroot
+changes the root directory to
+.I path
+and starts
+.I x
+with
+.I arguments
+, or
+.B $SHELL -i
+if no
+.I x
+given.
diff -r 8cf300476909 chroot.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/chroot.c Wed Aug 01 05:09:36 2012 -0500
@@ -0,0 +1,22 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include "util.h"
+
+void main (int argc, char *argu[]) {
+ if (argc < 2) {
+ fputs ("No new root path given\n", stderr);
+ exit (1);
+ }
+ if (chdir(argu[1]) || chroot (".")) eprintf ("chroot:");
+ if (argc == 2) {
+ char *x;
+ x = getenv ("SHELL");
+ if (!x) {
+ fputs ("chroot: SHELL not set\n", stderr);
+ exit (1);
+ }
+ if (execl (x, x, "-i", (char *)0) < 0) eprintf ("chroot: %s:",
x);
+ }
+ else if (execv (argu[2], argu + 2) < 0) eprintf ("chroot: %s:",
argu[2]);
+}
