
Re: chroot() break

On 23 May 2001, Artur Grabowski wrote:
> > 	hi!
> > 	it's well known that obsd's chroot() is
> > 	breakable.
> > 	so i wonder is the development team going to
> > 	fix this "feature"?
> Yes, it's well-documented that root can break out of a chroot.
> There are currently no plans to fix this. Allowing root in a chroot environment
> is simply a bad idea.
Sure. But what about processes that don't run as root most of their time &
do start as root as a parameter to the chroot utility? They may be breakable.
Some time ago I heard (but didn't investigate the details) about a 1-byte obsd
ftpd exploit. Imagine this or analogous software doing a chroot on user
~'s or somewhere else. Then after exploiting this <censored> software you
rise above the chroot more easily than in FreeBSD now. That's not a good thing. :(

MISiS Telecommunications
phone:   +7(095)955-0087