LinuxQuestions.org


MatrixS_Master 03-27-2010 03:11 AM

chroot jail problem: 'empty' jail
 
Here is a very strange problem with chroot in two mini distros (Tiny Core and SliTaz): the chroot jail appears 'blind'. Chroot can't find any files in the jail and exits with an error code.

Example (ugly):
Code:

# mkdir /mnt/test
# mkdir /mnt/test/bin
# mkdir /mnt/test/dev
# mkdir /mnt/test/proc
# mkdir /mnt/test/lib
# mount /dev/hdb1 /mnt/test
# mount -t proc none /mnt/test/proc
# mount -o bind /dev /mnt/test/dev
# mount -o bind /bin /mnt/test/bin
# mount -o bind /lib /mnt/test/lib
# chroot /mnt/test /bin/bash
chroot: cannot execute /bin/bash: No such file or directory

Where is the problem?

unSpawn 03-27-2010 05:26 AM

Quote:

Originally Posted by MatrixS_Master (Post 3914146)
Where is the problem?

Giving something in a chroot direct access to "Real World" resources is one of the four ways to break out of it. By populating the chroot instead of loop-mounting whole subtrees you'll find stuff Just Works.
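
Added example (not from the thread or its posters): one way to populate a jail by copying a binary and the libraries `ldd` lists for it, instead of bind-mounting /bin and /lib. The function names and the command-line usage are assumptions. It also lists required files still absent from the jail, because exec fails with "No such file or directory" when the program's loader is missing as well as when the program itself is.

```shell
#!/bin/sh
# Added example: fill a chroot with copies instead of bind mounts.
# Function names are hypothetical, not from the thread.

# Read `ldd` output on stdin, print the absolute paths it names.
# Matches "libc.so.6 => /lib/libc.so.6 (0x..)" and the loader line
# "/lib64/ld-linux-x86-64.so.2 (0x..)"; skips linux-vdso and "not found".
ldd_paths() {
    awk '$2 == "=>" && $3 ~ /^\// { print $3; next }
         $1 ~ /^\//               { print $1 }' | LC_ALL=C sort -u
}

# Copy one file to the same absolute path under the jail (symlinks resolved).
copy_into_jail() {   # usage: copy_into_jail JAIL /abs/path
    jail=$1; src=$2
    mkdir -p "$jail$(dirname "$src")" && cp -L "$src" "$jail$src"
}

# Read absolute paths on stdin, print those that do not exist in the jail.
missing_in_jail() {  # usage: ... | missing_in_jail JAIL
    jail=$1
    while read -r path; do
        [ -e "$jail$path" ] || printf '%s\n' "$path"
    done
}

# Copy a binary plus everything ldd reports for it.
# Only run ldd on binaries you trust: it may execute code from the file.
populate_jail() {    # usage: populate_jail JAIL /abs/path/to/binary
    jail=$1; bin=$2
    copy_into_jail "$jail" "$bin" || return 1
    # ldd fails on static binaries (e.g. busybox): nothing more to copy then.
    ldd "$bin" 2>/dev/null | ldd_paths | while read -r lib; do
        copy_into_jail "$jail" "$lib" || exit 1
    done
}

# Stand-alone use: sh populate.sh /mnt/test /bin/sh
if [ "$#" -eq 2 ]; then
    populate_jail "$1" "$2" || exit 1
    { echo "$2"; ldd "$2" 2>/dev/null | ldd_paths; } | missing_in_jail "$1"
fi
```

Any path the script prints at the end is still missing from the jail; an empty result means the binary and every file `ldd` reported are in place.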

MatrixS_Master 03-27-2010 05:40 AM

Quote:

Originally Posted by unSpawn (Post 3914224)
Giving something in a chroot direct access to "Real World" resources is one of the four ways to break out of it. By populating the chroot instead of loop-mounting whole subtrees you'll find stuff Just Works.

Thanks for the answer!

In Debian, Arch and Gentoo the presented command block works fine. I think it's a problem of mini Linux distros.
Could a misconfigured kernel chroot setting have led to this bug?

PS: last tested on Arch x86 2009.08

unSpawn 03-27-2010 06:10 AM

Quote:

Originally Posted by MatrixS_Master (Post 3914239)
In Debian, Arch and Gentoo the presented command block works fine.

That may be so but remember doing so weakens your chroot, OK?


Quote:

Originally Posted by MatrixS_Master (Post 3914239)
I think it's a problem of mini Linux distros. Could a misconfigured kernel chroot setting have led to this bug?

There is no way AFAIK to "misconfigure" the chroot() call and in any case that should preferably be backed up by "evidence". If populating a chroot by trading in some features for less disk usage (compared to just copying over files) is an option then see 'busybox'.

MatrixS_Master 03-27-2010 06:25 AM

Thanks a lot!
Problem solved by installing coreutils :}


All times are GMT -5.