chroot

tommytomato · 04-29-2014, 06:42 PM

Some one care to explain please

I have set up vsftpd OK, seems to work

when I log in as a normal user I can still surf through the system with WinSCP and I'm able to see the the folders like /etc and so on

I've added the lines

Code:

chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list

let me get this straight, if I add a user to the vsftpd.chroot_list, user is still able to surf the filing system ?

if I dont add a user to the vsftpd.chroot_list, user cant not surf the filing system is that correct ?

I'm going by what this person said on post 17
http://www.cyberciti.biz/tips/vsftp-...directory.html

TT

linosaurusroot · 04-30-2014, 03:30 AM

WinSCP is making an SSH connection and is not affected by the vsftpd configuration. Consulting your (empty) vsftpd logs should confirm this. It sounds like you need to look at your sshd instead.

sundialsvcs · 04-30-2014, 07:28 AM

And it is never really proper to assume that a user cannot by some means escape from a "chroot jail." The term is really a misnomer. If you need to protect something, you need to protect it, and you need to protect it. You can't do that successfully just by trying to hide it.

linosaurusroot · 04-30-2014, 04:01 PM

Quote:

Originally Posted by sundialsvcs

And it is never really proper to assume that a user cannot by some means escape from a "chroot jail." The term is really a misnomer. If you need to protect something, you need to protect it, and you need to protect it. You can't do that successfully just by trying to hide it.

Can you show any methods for a non-root user to escape from a properly-created chroot?

szboardstretcher · 04-30-2014, 04:04 PM

You can find information like that on pen-testing and other 'security' related sites. Your question is leading toward hacking / cracking and it is frowned upon here.

But as a general answer, yes. It is completely possible to 'break out' of a jail. This is mostly by mis-configuration, or over-privileged users, or permissions problems. You should read up on proper jail set up to avoid common pitfalls, and set up monitoring and auditing on usage to detect problems before they spiral out of control.

jpollard · 04-30-2014, 08:14 PM

Quote:

Originally Posted by linosaurusroot

Can you show any methods for a non-root user to escape from a properly-created chroot?

Most of them involve a bug.

There are a number of commands that won't work in a jail - Things that have to access process table, things that access certain device functions. Most of the ones that don't work need access to kernel memory. If that IS provided, then a successful hack of root within the jail can break out by altering kernel memory, altering the chroot /dev table and adding a device to access the real root partition. Bugs in the device drivers can also be used to break out.

A fairly old document on the use of chroot: http://www.bpfh.net/simes/computing/chroot-break.html

jefro · 04-30-2014, 09:24 PM

In a strict sense, one shouldn't have allowed any access outside the ftp directory. Use other means to access system remotely to access more sensitive mount points.