Linux Today: Linux News On Internet Time.

Abusing chroot

Sep 30, 2007, 12:00

"'If you have the ability to use chroot() you are root. If you are root you can walk happily out of any chroot by a thousand other means,' Alan Cox explained during a thread that suggested chroot was broken in Linux. It was further pointed out that this was true per the POSIX specification, and per other OS's implementations. Al Viro suggested this should be added to the lkml FAQ, explaining:

"'If you are within chroot jail and capable of chroot(), you can chdir to its root, then chroot() to subdirectory and you've got cwd outside of your new root. After that you can chdir all way out to original root. Again, this is standard behaviour. Changing it will not yield any security improvements, so kindly give that a rest...'"
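The defensive counterpart of the behaviour quoted above, as an added example that is not part of the quoted thread or the original story: a jail-entry routine that puts the cwd inside the new root and then permanently gives up root, so the jailed process can no longer call chroot() at all. The helper name `enter_jail` and the uid/gid 65534 are assumptions made for illustration.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Enter jail_dir and irreversibly drop to uid/gid (hypothetical helper).
 * Returns 0 on success; on failure returns -1 and names the step in *failed.
 * Callers should close any directory fds opened outside the jail first. */
int enter_jail(const char *jail_dir, uid_t uid, gid_t gid, const char **failed)
{
    *failed = NULL;
    /* A jailed process that stays root keeps the ability to chroot(). */
    if (uid == 0 || gid == 0)    { *failed = "refusing uid/gid 0"; return -1; }
    /* chdir first, so the cwd is already inside the root we switch to. */
    if (chdir(jail_dir) != 0)    { *failed = "chdir(jail)"; return -1; }
    if (chroot(".") != 0)        { *failed = "chroot"; return -1; }
    if (chdir("/") != 0)         { *failed = "chdir(/)"; return -1; }
    /* Groups, then gid, then uid: after setuid() we could not change groups. */
    if (setgroups(0, NULL) != 0) { *failed = "setgroups"; return -1; }
    if (setgid(gid) != 0)        { *failed = "setgid"; return -1; }
    if (setuid(uid) != 0)        { *failed = "setuid"; return -1; }
    /* Verify the drop: root must be unreachable and chroot() must be denied. */
    if (setuid(0) == 0)          { *failed = "regained root"; return -1; }
    if (chroot(".") == 0 || errno != EPERM) {
        *failed = "chroot still allowed";
        return -1;
    }
    return 0;
}

int main(int argc, char **argv)
{
    const char *failed;
    if (argc != 2) {
        fprintf(stderr, "usage: %s JAIL_DIR (run as root)\n", argv[0]);
        return 2;
    }
    /* 65534 is "nobody" on many distributions; an assumption here. */
    if (enter_jail(argv[1], 65534, 65534, &failed) != 0) {
        fprintf(stderr, "jail setup failed at: %s\n", failed);
        return 1;
    }
    puts("jailed, unprivileged, chroot() denied");
    return 0;
}
```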
