LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Reload this Page Breaking out of Chroot
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
LinkBack Search this Thread
Old 02-21-2005, 10:21 PM   #1
Aeiri
Member
Contributing Member
 
Registered: Feb 2004
Distribution: GRML & Arch
Posts: 307

Rep: Reputation: 30
Breaking out of Chroot

Does anyone know if this has been fixed with newer versions of Linux? If so, which versions are required?

http://www.bpfh.net/simes/computing/chroot-break.html
 
Old 02-26-2005, 02:10 PM   #2
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 57
I'm not sure if these have been directly addressed in recent kernel versions, but I do know that the original SELinux framework prevents fchdir() chroot attacks because the type security labels won't allow access outside of the chroot. However, SELinux is still not fully mature and I'm not sure how much of this has been integrated yet. If you're trying to lock down your chroot, take a look at grsecurity. It has some really nice features that prevent fchdir(), piviot_root, double chroot, as well as a number of other restrictions.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Breaking Into Programming - What now? simsjr Programming 14 06-07-2004 01:16 PM
breaking waves... marsques Linux - Software 4 05-18-2004 01:25 AM
Slackware is breaking on me h1tman Slackware 8 08-18-2003 06:53 AM
It's this a breaking attent? hubergeek Linux - Security 1 11-27-2002 11:24 AM
Breaking Windows cli_man General 17 04-20-2002 02:35 AM


All times are GMT -5. The time now is 02:13 AM.

Contact Us - Advertising Info - Rules - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: @linuxquestions
Open Source Consulting | Domain Registration