From: edward_at_paradigm4.com.au
Date: Wed Feb 06 2002 - 22:28:21 EST
On Wednesday, 6 February 2002 at 20:35, Nick Craig-Wood wrote:
> I wrote a proof of concept exploit which will break any chroot
> provided the user that runs it has CAP_CHROOT. I'll email the exploit
> to you if you want.
Yes, please do.
> > If you did chdir("/") after the first chroot, subsequent chroot and
> > chdir("..") will not get you out.
>
> Unfortunately it will. Assume you've done all your chrooting magic.
> Now cd / (in the chroot). Chroot into /tmp. Your current working
> directory is now above your root directory. You can now cd .. with
> impunity and when you've got where you want to be, chroot ".".
Thanks, Jacques already explained it to me.
Ed
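
The escape described in this thread depends on the chrooted process still being allowed to call chroot(). The following is an added example, not code from the thread or its participants: a check that a jailed process has given that privilege up. It assumes Linux, where the capability is named CAP_SYS_CHROOT (bit 18) and the masks are read from /proc/<pid>/status. The sample status texts are constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CAP_SYS_CHROOT_BIT 18 /* CAP_SYS_CHROOT in <linux/capability.h> */

/* Constructed sample: a daemon that chrooted but kept full root capabilities. */
static const char SAMPLE_STILL_ROOT[] =
    "Name:\tdaemon\nCapPrm:\t0000003fffffffff\nCapEff:\t0000003fffffffff\n";
/* Constructed sample: the same daemon after switching to an unprivileged uid. */
static const char SAMPLE_DROPPED[] =
    "Name:\tdaemon\nCapPrm:\t0000000000000000\nCapEff:\t0000000000000000\n";

/* Parse the hex mask of "<field>:" from status text; -1 if absent or empty. */
static int cap_mask(const char *status, const char *field, unsigned long long *out)
{
    size_t n = strlen(field);
    const char *p = status;
    while (p && *p) {
        if (strncmp(p, field, n) == 0 && p[n] == ':') {
            const char *v = p + n + 1;
            while (*v == ' ' || *v == '\t') v++;
            if (!isxdigit((unsigned char)*v)) return -1; /* empty value */
            *out = strtoull(v, NULL, 16);
            return 0;
        }
        p = strchr(p, '\n');
        if (p) p++; /* step to the start of the next line */
    }
    return -1;
}

/* 1: chroot() is still permitted (jail is escapable as described above),
   0: capability dropped, -1: status text could not be parsed.
   Permitted counts too, since it can be raised back into effective. */
int can_chroot(const char *status)
{
    unsigned long long eff, prm;
    if (cap_mask(status, "CapEff", &eff) || cap_mask(status, "CapPrm", &prm))
        return -1;
    return (int)(((eff | prm) >> CAP_SYS_CHROOT_BIT) & 1ULL);
}

int main(void)
{
    printf("still root: %d\n", can_chroot(SAMPLE_STILL_ROOT));
    printf("dropped:    %d\n", can_chroot(SAMPLE_DROPPED));
    return 0;
}
```

A result of 1 for a jailed daemon means it should change to an unprivileged uid, or otherwise drop the capability, after its chroot() and chdir("/").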
This archive was generated by hypermail 2.1.4 : Mon Aug 19 2002 - 12:01:00 EDT