Page last updated:
2002 Jun 12 14:47

The following is an archive of a post made to our 'vox mailing list' by one of its subscribers.

Re: [vox] Who opened the floodgates?

On Wed, 12 Jun 2002, Micah Cowan wrote:

>  > It should be noted that the root user can break out of any chroot
>  > environment, pretty trivially.
>
> Boy, that kinda defeats the purpose of chroot(), doesn't it?
>
> I didn't know that - can you provide a brief explanation on how this
> may be done, or pointers to more information?

Use mknod to create a hard drive node to (re)mount the real system.  If
you don't got mknod, upload it.  If you don't got upload program (no ftp,
rz, etc.), write a script.  If you got no text editor, use echo with
redirection.  Etc.  You get the idea.

So to make a secure chroot system, you sorta need to strip it down quite a
bit to make sure people can't break out of chroot.  This is one reason why
it's hard to make a system look like it's the real root under a chrooted
environment (there are lots of programs and /dev/* stuff missing.)

Anyway, chroot does have its uses nonetheless, like in an FTP server where
there's no need to fake any root (ie - try to make it look like a real
root to fool the user) but just need to restrict the user's navigation to
a limited section of the file system.

-Mark

--
Mark K. Kim
http://www.cbreak.org/
PGP key available upon request.


_______________________________________________
vox mailing list
vox@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox
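
Added example, not part of the original post: a small audit of a directory tree intended as a chroot, flagging the things the post says must be stripped out (device nodes, and executables such as mknod or upload programs). The tool list and the setuid/setgid check are assumptions added here; the latter is included because the escape described requires root inside the chroot.

```python
import os
import stat
import sys

# Assumption: names taken from the post (mknod, ftp, rz) plus mount, which the
# remount step needs. This list is illustrative, not exhaustive.
RISKY_TOOLS = {"mknod", "mount", "ftp", "rz"}


def audit_chroot(root):
    """Return sorted (finding, relative_path) pairs for a would-be chroot tree."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: never follow symlinks out of the tree
            rel = os.path.relpath(path, root)
            if stat.S_ISBLK(st.st_mode) or stat.S_ISCHR(st.st_mode):
                # An existing block/char node saves the user the mknod step.
                findings.append(("device-node", rel))
            elif stat.S_ISREG(st.st_mode):
                if st.st_mode & (stat.S_ISUID | stat.S_ISGID):
                    # Assumption: any setuid/setgid file is a possible path to root.
                    findings.append(("setuid-or-setgid", rel))
                if name in RISKY_TOOLS and st.st_mode & 0o111:
                    findings.append(("risky-tool", rel))
    return sorted(findings)


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for kind, rel in audit_chroot(target):
        print(f"{kind}\t{rel}")
```

A clean report does not make the chroot safe against root: as the post notes, missing tools can be recreated from inside, so the audit only confirms the tree is stripped down.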


