[Roger Leigh]
> But, can you detect it if you are already /inside/ the chroot?
> i.e. chroot(2) has been called at some point previously.

Yes.  It's a consequence of two well-known properties of the chroot call: (1) you can call chroot() even if you are already in a chroot, to chroot yourself further; and (2) chroot() does not imply chdir(): thus, it changes your root directory but does not put you inside that root, if you aren't already inside it.

Thus the classic way to escape a chroot (fortunately, it only works as root - and this is why use of chroot() is privileged):

    chdir("/");
    chroot("/tmp");
    /* note: cwd is now outside our root, so further relative chdir is not restricted */
    chdir("../../../../../../../../../..");
    chroot(".");    /* this step is optional */

-- 
Peter Samuelson | org-tld!p12n!peter | http://p12n.org/
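The message above answers "can you detect a chroot from inside?" by escaping it. The following is an added example (not part of Peter Samuelson's message or of any project he describes) that answers the same question without escaping, on Linux only: it uses the fact the message states, that chroot() only changes the caller's own notion of "/", and compares the inode behind "/" with the inode behind /proc/1/root, which is the root directory of PID 1. This is the same comparison systemd's running_in_chroot() performs. Assumed environment: procfs mounted at /proc; reading /proc/1/root needs ptrace access to PID 1 (normally root), so an unprivileged caller gets EACCES and the function reports "unknown" rather than guessing.

```c
/* Added example, not code from the original message. Detects a chroot by
 * comparing "/" with PID 1's root, without calling chroot() or chdir("..").
 * Assumes Linux with /proc mounted. */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

/* Return 1 when the two stat results name the same inode on the same
 * device, 0 otherwise. */
int same_file(const struct stat *a, const struct stat *b)
{
    return a->st_dev == b->st_dev && a->st_ino == b->st_ino;
}

/* Return 1 if our "/" is not the directory PID 1 sees as "/" (we are in a
 * chroot, or at least in a different root than init), 0 if they match, and
 * -1 if the comparison cannot be made (no procfs, or no permission to look
 * at PID 1's root; errno is left set by the failing stat()).
 * Caveat: inside a container PID 1 is the container's own init, so this
 * detects a chroot relative to that container, not relative to the host. */
int running_in_chroot(void)
{
    struct stat root_st, init_root_st;

    if (stat("/", &root_st) != 0)
        return -1;
    /* stat() follows the /proc/1/root magic symlink into init's root. */
    if (stat("/proc/1/root", &init_root_st) != 0)
        return -1;  /* ENOENT (no procfs) or EACCES (unprivileged caller) */
    return same_file(&root_st, &init_root_st) ? 0 : 1;
}

int main(void)
{
    int r = running_in_chroot();
    if (r < 0)
        printf("cannot tell: %s\n", strerror(errno));
    else
        printf("%s\n", r ? "inside a chroot" : "not in a chroot");
    return 0;
}
```

Run it as root both outside and inside a chroot to see the two answers; run it unprivileged and it reports that it cannot tell, which is the honest result since the process cannot see init's root. The check is a heuristic for a moved root, not proof of confinement: a process in its own mount namespace also differs from the host's PID 1 root.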