On Wed, Aug 1, 2012 at 5:00 PM, pancake <panc...@youterm.com> wrote:
> That is vulnerable on linux. Proper use is:
Anyone using chroot for security is a fool.
Uriel
>
> chdir (path); chroot(".");
>
>
>
> On Aug 1, 2012, at 16:50, Strake <strake...@gmail.com> wrote:
>
>> diff -r 8cf300476909 chroot.8
>> --- /dev/null Thu Jan 01 00:00:00 1970 +0000
>> +++ b/chroot.8 Wed Aug 01 04:46:43 2012 -0500
>> @@ -0,0 +1,25 @@
>> +.TH CHROOT 8
>> +.SH NAME
>> +chroot \- change root directory
>> +.SH SYNOPSIS
>> +.B chroot
>> +.I path
>> +[
>> +.I x
>> +[
>> +.I argument ...
>> +]
>> +]
>> +.SH OPERATION
>> +.B chroot
>> +changes the root directory to
>> +.I path
>> +and starts
>> +.I x
>> +with
>> +.I arguments
>> +, or
>> +.B $SHELL -i
>> +if no
>> +.I x
>> +given.
>> diff -r 8cf300476909 chroot.c
>> --- /dev/null Thu Jan 01 00:00:00 1970 +0000
>> +++ b/chroot.c Wed Aug 01 04:46:43 2012 -0500
>> @@ -0,0 +1,22 @@
>> +#include <stdio.h>
>> +#include <stdlib.h>
>> +#include <unistd.h>
>> +#include "util.h"
>> +
>> +int main (int argc, char *argu[]) {
>> + if (argc < 2) {
>> + fputs ("No new root path given\n", stderr);
>> + exit (1);
>> + }
>> + if (chroot (argu[1])) eprintf ("chroot:");
>> + if (argc == 2) {
>> + char *x;
>> + x = getenv ("SHELL");
>> + if (!x) {
>> + fputs ("chroot: SHELL not set\n", stderr);
>> + return 1;
>> + }
>> + if (execl (x, x, "-i", (char *)0) < 0) eprintf ("chroot: %s:", x);
>> + }
>> + else if (execv (argu[2], argu + 2) < 0) eprintf ("chroot: %s:",
>> argu[2]);
>> +}
>>
>
