Re: apt-get and The_User
Ethan Benson <erbenson@alaska.net> writes:
> that would probably work, but another reason is simply that if
> chroot() is not privileged then any chrooted daemon/user could easily
> break out of a chroot jail.
>
> iirc this works by opening a directory, say /foo, where /foo is
> really a chroot at /home/foo, the user can then chroot to /foo/bar,
> and use the open descriptor on /foo to break out of the chroot
> entirely.
>
> i think i got that partly wrong but thats the basic idea i read
> somewhere.
I'm a little confused about your example; maybe I've misunderstood it,
but I think you're incorrect.
Any program which is chrooting into a jail must also make sure there
are no open file descriptors to things that might let the user out;
notably, if the system has an fchdir syscall.
Thomas
Reply to: