2.0.35
lrwx------ 1 root root 64 May 28 21:12 cwd -> [0801]:2
2.2.9
lrwx------ 1 root root 0 May 28 14:21 cwd -> /
In 2.0.35 I can trivially break out of a chroot jail via proc. 2.2.x, I
think it's impossible.
Just thought I'd point out that if you've got root access, and you did it
via a stack overflow or what have you, then you can easily modify the code
you push onto the stack to create a dummy /etc/fstab file.
--- tani hosokawa river styx internet
On Wed, 26 May 1999, Riley Williams wrote:
> Hi whoever. > > On Wed, 26 May 1999, Nobody exists wrote: > > >> My analysis states that without the /etc/fstab file, no further > >> filesystems can be mounted, so even if the mount command is present, > >> the user will not be able to mount any further copies of the proc > >> filesystem (or any other filesystem) inside the chroot trap, and thus > >> that such a non-root user has no means to access anything in the proc > >> filesystem. > > > Why not mount proc before the chroot? You could do this at > > system bootup, or just before the chroot, and it would seem to > > solve your problems... > > *I* do *NOT* want /proc available within the chroot - that's the whole > point of my question!!! > > The claim made was that a hacker who hacks into a chroot trap can > mount proc and use it to get out of the chroot trap, and I can't see > how such can be done, hence the question... > > Best wishes from Riley. > > +----------------------------------------------------------------------+ > | There is something frustrating about the quality and speed of Linux | > | development, ie., the quality is too high and the speed is too high, | > | in other words, I can implement this XXXX feature, but I bet someone | > | else has already done so and is just about to release their patch. | > +----------------------------------------------------------------------+ > * ftp://ftp.MemAlpha.cx/pub/rhw/Linux > * http://www.MemAlpha.cx/kernel.versions.html > > > - > To unsubscribe from this list: send the line "unsubscribe linux-kernel" in > the body of a message to majordomo@vger.rutgers.edu > Please read the FAQ at http://www.tux.org/lkml/ >
- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/