Re: Security patch for /proc

Paul Wouters (paul@xtdnet.nl)
Thu, 2 Apr 1998 12:28:00 +0200 (MET DST)


On Thu, 2 Apr 1998, Harald Koenig wrote:

> > You missed the point. You _are_ already in a chroot jail, this is how you
> > escape from it.
> >
> > mkdir("foo"); chroot("foo"); chdir("foo");
> >
> > # you are in the "jail" now
> >
> > mkdir("x"); chroot("x"); chdir("../../../../../.."); chroot(".");
> >
> > # no more jail...

[ ... ]

> from the output below which shows the inode number of the real /
> so indeed it's possible to escape :-(

Isn't it possible to prohibit chroot() if the current process is already
chroot()ed? I can't see a reason to have a chroot environment within
a chroot environment. Or would this be touching features of some sort of
securelevel switch where we disallow chroot after being chrooted?

Paul
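
Added example, not part of the original message and not kernel code: a toy C model of a process's root and current directory that replays the quoted sequence and shows what the restriction asked about above (refusing chroot() once already chrooted) would change. The structs, the `deny_nested` flag and the function names are hypothetical.

```c
/* Added illustration: a toy model of per-process root/cwd, not kernel code. */
#include <stdio.h>
#include <stddef.h>

struct dir { struct dir *parent; };             /* parent == NULL: the real "/" */
struct proc { struct dir *root, *cwd; int deny_nested; };

/* chdir(".."): the lookup refuses to go up only when cwd IS the process root. */
static void up(struct proc *p) {
    if (p->cwd != p->root && p->cwd->parent)
        p->cwd = p->cwd->parent;
}

/* chroot(d): moves root and leaves cwd alone. With deny_nested (hypothetical
 * flag modelling the policy asked about) it fails once root is not the real "/". */
static int do_chroot(struct proc *p, struct dir *d) {
    if (p->deny_nested && p->root->parent != NULL)
        return -1;                              /* would be EPERM */
    p->root = d;
    return 0;
}

/* Replays the quoted sequence from inside a jail; returns 1 if the process
 * ends with the real "/" as its root, 0 if it stays confined. */
int escapes(int deny_nested) {
    struct dir real = { NULL }, jail = { &real }, x = { &jail };
    struct proc p = { &real, &real, deny_nested };

    do_chroot(&p, &jail);                       /* initial confinement */
    p.cwd = &jail;                              /* chdir into the jail */

    do_chroot(&p, &x);                          /* if allowed, root is now below cwd */
    for (int i = 0; i < 6; i++)                 /* chdir("../../../../../..") */
        up(&p);
    do_chroot(&p, p.cwd);                       /* chroot(".") */
    return p.root == &real;
}

int main(void) {
    printf("stock behaviour:      escaped=%d\n", escapes(0));
    printf("nested chroot denied: escaped=%d\n", escapes(1));
    return 0;
}
```

The model covers only the chroot()/chdir("..") interaction in the quoted sequence; it says nothing about other ways a privileged process might leave a jail.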
