> Robert Bihlmeyer wrote:
> > Alan Cox wrote:
> > >> mkdir("x"); chroot("x"); chdir("../../../../../../../..");
> > >> chroot(".");
> > You tried it? One will escape from x with that.
>
> Well, one was never really captured. I didn't notice the missing chdir,
> but its well known behaviour that if you never chdir into a chroot jail,
> you can easily "escape".
You missed the point. You _are_ already in a chroot jail, this is how you
escape from it.
mkdir("foo"); chroot("foo"); chdir("foo");
# you are in the "jail" now
mkdir("x"); chroot("x"); chdir("../../../../../.."); chroot(".");
# no more jail...
Ionut
-- It is better to keep your mouth shut and be thought a fool, than to open it and remove all doubt.
- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu