LinuxQuestions.org
Old 01-08-2009, 09:00 PM   #1
shin2011
LQ Newbie
 
Registered: Dec 2008
Posts: 10

How can I escape from a 'chroot jail'?


I use the 'chroot' command to run a program which was made by another guy.
The first time, I could escape from the 'chroot jail' by closing the terminal window.
But I can't escape from the chroot jail by doing the same thing as before.

I found a clue about this problem. I followed its explanation.
But I can't resolve it. Also, I can't understand its meaning.
The clue is below:
" http://linux.die.net/man/2/chroot "
"This call does not change the current working directory, so that after the call '.' can be outside the tree rooted at '/'. In particular, the superuser can escape from a 'chroot jail' by doing 'mkdir foo; chroot foo; cd ..'."

Please let me know the clue about this problem.
And if possible, please explain the above description from linux.die.net.

Thank you very much
Marcus shin.
 
Old 01-08-2009, 11:19 PM   #2
jiml8
Senior Member
 
Registered: Sep 2003
Posts: 3,171

Escaping from a chroot jail is more commonly known as "cracking". We won't support cracking on this site.
 
Old 01-09-2009, 12:18 AM   #3
billymayday
LQ Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Although the fact that it's relatively simple to do also demonstrates that one shouldn't overly rely on chrooting for security.
 
Old 12-28-2011, 08:18 PM   #4
jazedal
LQ Newbie
 
Registered: Dec 2011
Posts: 2

One known method of escaping a chroot jail is to change the current working directory (CWD) to a directory outside the chroot jail using its file descriptor. This requires root privileges. I believe there is no way to break out of a chroot jail without root privilege. Chroot should not be used as a security measure unless it is well-configured and its vulnerabilities are well-understood.

Anyone who uses chroot for security should ensure it is well-tested against known attacks. I believe hiding information necessary to perform such tests is a parallel mindset to "security through obscurity". It aims to protect our information by attempting to keep our attackers ignorant, and ourselves as well as a side-effect. It is important that the security of our internet and information systems is based on knowledge and sound principle rather than self-imposed ignorance.
 
Old 12-28-2011, 10:51 PM   #5
TobiSGD
Moderator
 
Registered: Dec 2009
Location: Germany
Distribution: Whatever fits the task best
Posts: 17,148
Blog Entries: 2

Quote:
Originally Posted by jazedal
I believe hiding information necessary to perform such tests is a parallel mindset to "security through obscurity". It aims to protect our information by attempting to keep our attackers ignorant, and ourselves as well as a side-effect. It is important that the security of our internet and information systems is based on knowledge and sound principle rather than self-imposed ignorance.
If you refer to the LQ rule about cracking with this, this has nothing to do with ignorance, it is because of legal issues.
 
Old 12-28-2011, 11:15 PM   #6
rknichols
Senior Member
 
Registered: Aug 2009
Distribution: Rocky Linux
Posts: 4,780

Quote:
Originally Posted by shin2011
Clue is like below
" http://linux.die.net/man/2/chroot "
"This call does not change the current working directory, so that after the call '.' can be outside the tree rooted at '/'. In particular, the superuser can escape from a 'chroot jail' by doing 'mkdir foo; chroot foo; cd ..'."
Note that this is in reference to the chroot system call (manual section 2), and not to the chroot command. While the chroot system call does not change the current working directory, the chroot command does do a chdir() into the jail, so the quoted method does not apply.
 
Old 12-29-2011, 05:13 AM   #7
jazedal
LQ Newbie
 
Registered: Dec 2011
Posts: 2

Quote:
Originally Posted by rknichols
Note that this is in reference to the chroot system call (manual section 2), and not to the chroot command. While the chroot system call does not change the current working directory, the chroot command does do a chdir() into the jail, so the quoted method does not apply.
Thanks for making that distinction; however, the exploit is viable even when the current working directory was changed as well, as demonstrated here. A variation of the exploit might also apply to the chroot command. All that is necessary is a file descriptor for a directory outside of the chroot jail.

FWIW, here is a quotation from a post by Anton Chuvakin, Ph.D.:
"... the number of ways that root user can break out of chroot is huge. Starting from simple use of a chroot() call with no chdir() [see code below] to esoteric methods as the creation of your own /dev/hda or /dev/kmem devices, injection code into the running kernel (http://www.big.net.au/~silvio/runtim...m-patching.txt), using open directory handles outside chroot or chroot-breaking buffer overflows."

Quote:
Originally Posted by TobiSGD
If you refer to the LQ rule about cracking with this, this has nothing to do with ignorance, it is because of legal issues.
Are you sure it has nothing to do with ignorance? Regardless, whatever the motive and whoever the cause, the effect is a restriction on public and academic research in anti-security, which is more important to the field of security than to malicious hackers.
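
The defensive counterpart to the points raised in posts #6 and #7, as an added example that is not part of any post in this thread: a root-started daemon that confines itself should close every open directory descriptor, set its working directory inside the jail before and after `chroot()`, and then drop root irrevocably. The function names `close_dir_fds` and `enter_jail` are hypothetical, and the code assumes Linux with `/proc` mounted.

```c
#define _GNU_SOURCE
#include <dirent.h>
#include <fcntl.h>
#include <grp.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Added example, not from the thread. Close every open descriptor that refers
 * to a directory, since any of them could serve as a handle outside the jail.
 * Returns the number closed, or -1 if /proc/self/fd cannot be read. */
int close_dir_fds(void)
{
    DIR *d = opendir("/proc/self/fd");
    if (!d) return -1;
    int closed = 0;
    struct dirent *e;
    while ((e = readdir(d)) != NULL) {
        int fd = atoi(e->d_name);
        struct stat st;
        if (e->d_name[0] == '.' || fd == dirfd(d)) continue;
        if (fstat(fd, &st) == 0 && S_ISDIR(st.st_mode)) {
            close(fd);
            closed++;
        }
    }
    closedir(d);
    return closed;
}

/* Enter the jail and give up root for good; 0 on success, -1 on any failure.
 * jail, uid and gid are caller-supplied (hypothetical) values. */
int enter_jail(const char *jail, uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0) return -1;       /* a root process is not confined */
    if (close_dir_fds() < 0) return -1;        /* no directory handles left open */
    if (chdir(jail) != 0) return -1;           /* cwd inside the jail first */
    if (chroot(".") != 0) return -1;
    if (chdir("/") != 0) return -1;            /* cwd is now the new root */
    if (setgroups(0, NULL) != 0) return -1;    /* drop supplementary groups */
    if (setgid(gid) != 0 || setuid(uid) != 0) return -1;
    return setuid(0) == 0 ? -1 : 0;            /* regaining root must fail */
}

int main(void)
{
    int fd = open("/", O_RDONLY | O_DIRECTORY);  /* constructed stray handle */
    return (fd >= 0 && close_dir_fds() >= 1 && enter_jail("/", 0, 0) == -1) ? 0 : 1;
}
```

Treat any `-1` from `enter_jail` as fatal and exit instead of continuing with partial confinement.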
 
Old 12-29-2011, 07:43 AM   #8
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Quote:
Originally Posted by jazedal
Quote:
Originally Posted by TobiSGD
If you refer to the LQ rule about cracking with this, this has nothing to do with ignorance, it is because of legal issues.
Are you sure it has nothing to do with ignorance? Regardless, whatever the motive and whoever the cause, the effect is a restriction on public and academic research in anti-security, which is more important to the field of security than to malicious hackers.
This may require a wee bit of explanation. Certain content becomes or may become a liability under the law, so without having to test safe-harbor provisions, LQ steers clear of certain topics. LQ, for example, does not condone circumvention of access restrictions as in digital rights management, network access or warez, or those actively seeking what we consider clear cases of "cracking": there are enough sites elsewhere on the 'net that do allow that kind of stuff.
To check if any posted content is in violation of the LQ Rules, best use the report button on that post and ask moderators for a verdict.
 
  

