[Roger Leigh]
> But, can you detect it if you are already /inside/ the chroot?
> i.e. chroot(2) has been called at some point previously.
Yes. It's a consequence of two well-known properties of the chroot
call: (1) you can call chroot() even if you are already in a chroot, to
chroot yourself further; and (2) chroot() does not imply chdir(): thus,
it changes your root directory but does not put you inside that root,
if you aren't already inside it.
Thus the classic way to escape a chroot (fortunately, it only works as
root - and this is why use of chroot() is privileged):
    chdir("/");
    chroot("/tmp");   /* note: cwd is now outside our root, so further
                         relative chdir is not restricted */
    chdir("../../../../../../../../../..");
    chroot(".");      /* this step is optional */
--
Peter Samuelson | org-tld!p12n!peter | http://p12n.org/
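An added example, not from Peter's mail and not any Debian tool: the defensive counterpart of the sequence above. The escape relies on exactly the two properties Peter lists (chroot() is callable again, and cwd can be left outside the new root) plus a third condition, that the jailed process still has root. A program that sets up a jail for an untrusted child should therefore chdir into the jail first, chroot to ".", chdir("/") so the cwd is inside the new root, and then drop root irrevocably. The jail path, uid and gid are caller-supplied assumptions; 65534 is just the conventional "nobody" id used by the demo.

```c
/* Added example: establish a chroot jail in an order that does not leave the
 * cwd outside the new root, then drop root so chroot() can never be called
 * again from inside. Not from the original mail; jail_dir/uid/gid are
 * assumptions supplied by the caller. */
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Returns 0 on success, -1 (errno set) on any failure. On failure the caller
 * must treat the process as unconfined and exit, never carry on after a
 * partially applied jail. */
int enter_jail(const char *jail_dir, uid_t uid, gid_t gid)
{
    struct stat st;

    /* Sanity check the jail root: a directory, owned by root, not writable by
     * the world. A jail root the confined user can write to is a weaker jail. */
    if (stat(jail_dir, &st) == -1)
        return -1;
    if (!S_ISDIR(st.st_mode) || st.st_uid != 0 || (st.st_mode & S_IWOTH)) {
        errno = EACCES;
        return -1;
    }

    /* Step 1: move into the jail BEFORE calling chroot(), so that the cwd is
     * inside the directory that is about to become "/". */
    if (chdir(jail_dir) == -1)
        return -1;

    /* Step 2: chroot to ".", then chdir("/") explicitly, because chroot() by
     * itself does not change the cwd. */
    if (chroot(".") == -1)
        return -1;
    if (chdir("/") == -1)
        return -1;

    /* Step 3: drop privileges. Order matters: supplementary groups and gid
     * first, since neither can be changed once the uid is non-zero. setuid()
     * from real root also sets the saved uid, so root is not recoverable. */
    if (setgroups(0, NULL) == -1)
        return -1;
    if (setgid(gid) == -1)
        return -1;
    if (setuid(uid) == -1)
        return -1;

    /* Step 4: prove root is really gone. If either call succeeds (including
     * the caller mistakenly passing uid 0), refuse to continue. */
    if (setuid(0) != -1 || seteuid(0) != -1) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s JAIL_DIR\n", argv[0]);
        return 2;
    }
    /* 65534 is the conventional "nobody" uid/gid; an assumption for the demo. */
    if (enter_jail(argv[1], 65534, 65534) == -1) {
        fprintf(stderr, "enter_jail(%s): %s\n", argv[1], strerror(errno));
        return 1;
    }
    printf("jailed: cwd is the new root, uid=%d gid=%d\n",
           (int)getuid(), (int)getgid());
    return 0;
}
```

Run it as root with a prepared jail directory (for example `./jail /srv/jail`); as an unprivileged user the chroot() call fails with EPERM and the function reports that rather than pretending to be confined. Even done in this order, chroot() is a filesystem-namespace restriction and not a full security boundary; it should be combined with dropping root, as here, and ideally with namespaces or seccomp for anything hostile.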