Re: access to proc filesystem from chrooted process

Riley Williams (rhw@MemAlpha.CX)
Mon, 31 May 1999 01:12:05 +0100 (GMT)


Hi Khimenko.

>>> The claim made was that a hacker who hacks into a chroot trap
>>> can mount proc and use it to get out of the chroot trap, and
>>> I can't see how such can be done, hence the question...

>> /proc/[pid]/fd/.. are handles to files outside the chroot area.

> It does not. In 2.2 at least. In 2.0 you can just use
> /proc/1/cwd :-) But for 2.2... Hm... I'm not sure how to use
> proc to get out of the chroot trap with 2.2 :-/

I can confirm that I'm using 2.2.5 on the system in question, so
tricks that are 2.0 specific are of no interest if they don't also
work under 2.2...

>> That has limited uses as you are normally non root (if you are
>> root the chroot problem is uninteresting).

>> Simply provide some proc-daemons, and talk to them for ps service.

> Doable, but still it's an interesting question: is it possible for
> non-root to get out of chroot trap via proc?

So far, nobody has suggested any method that actually works...

Best wishes from Riley.

+----------------------------------------------------------------------+
| There is something frustrating about the quality and speed of Linux |
| development, ie., the quality is too high and the speed is too high, |
| in other words, I can implement this XXXX feature, but I bet someone |
| else has already done so and is just about to release their patch. |
+----------------------------------------------------------------------+
* ftp://ftp.MemAlpha.cx/pub/rhw/Linux
* http://www.MemAlpha.cx/kernel.versions.html
