>>> Unless I'm misunderstanding this, it appears to be pointless
>>> since only processes chroot'd to / or /proc could see the
>>> entries in the proc file system anyway, as if they're chroot'd
>>> anywhere else, they can't even access /proc ???
>> If you are setting up a server with a chrooted environment for
>> users, it is useful to have /proc mounted inside the chroot so
>> that programs like top and ps can work, so yes, users can get
>> at /proc.
> But then you have to be careful if you use that as a security
> enhancement. Programs that are suid root can break out of their
> chroot by cd'ing to /proc/1/root. If the user for some reason
> gets a program to run outside of the chroot with his uid, they
> can break out without suid by using this program's proc entry.
At least you're on a similar wavelength to me, so perhaps you can
answer my original question rather than providing me with unwanted
information about how to do something I don't want to do !!!
Q> It has been claimed here on linux-kernel that ANY user
Q> who finds themselves telnet'd into a chroot trap on a
Q> system they've hacked into can get out of that chroot
Q> trap by mounting the proc file system somewhere and then
Q> using the backdoor you mention therein.
Q> Question: If such a user is in a chroot trap which does
Q> NOT have the proc file system mounted therein, with no
Q> /etc/fstab visible within the said environment, and with
Q> them NOT having cracked into the superuser account, can
Q> they mount the proc file system themselves ???
It is my opinion that in these circumstances, they would not in fact
be able to mount the proc file system, and thus would be unable to use
any holes therein to break out of it, but I'm by no means a security
expert, and thus would appreciate comments from others.
Please note that the "If you want that, why not mount the proc file
system before chroot'ing them there" type of answer, which is all that
I have received so far, is completely irrelevant to the question being
asked, and replies of that nature will be ignored as a result.
Best wishes from Riley.
+----------------------------------------------------------------------+
| There is something frustrating about the quality and speed of Linux |
| development, ie., the quality is too high and the speed is too high, |
| in other words, I can implement this XXXX feature, but I bet someone |
| else has already done so and is just about to release their patch. |
+----------------------------------------------------------------------+
* ftp://ftp.MemAlpha.cx/pub/rhw/Linux
* http://www.MemAlpha.cx/kernel.versions.html
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/