Alexander Bezroutchko wrote:
>  it is possible to escape from jail
>  Following program escapes from jail (tested under 4.0-19990918-CURRENT):
[snip program code that chroot's but doesn't then chdir inside
the new area]

As we all know, the chroot can be escaped because the sample
program doesn't change the current working directory, and it's
still pointing outside the chrooted area.

What if chroot itself chdir'ed to its new root directory? Would
this break existing programs? I'd expect that well-behaved
programs would chdir someplace useful before continuing anyway.

At the very end of chroot(), could it just
        vrele(fdp->fd_cdir);
        fdp->fd_cdir = nd.ni_vp;
before it returns, setting the current dir to the same place it
just chrooted to?

Carol
-- 
Carol Deihl - principal, Shrier and Deihl - mailto:[EMAIL PROTECTED]
Remote Unix Network Admin, Security, Internet Software Development
  Tinker Internet Services - Superior FreeBSD-based Web Hosting
                     http://www.tinker.com/

