I use the 'chroot' command to run a program which was made by another guy.
The first time, I could escape from the 'chroot jail' by closing the terminal window.
But I can't escape from the chroot jail with the same thing as before.
I found a clue about this problem. I followed its explanation.
But I can't resolve that. Also, I can't understand its meaning.
The clue is as below:
" http://linux.die.net/man/2/chroot "
"This call does not change the current working directory, so that after the call '.' can be outside the tree rooted at '/'. In particular, the superuser can escape from a 'chroot jail' by doing 'mkdir foo; chroot foo; cd ..'."
Please let me know the clue about this problem.
And if possible, please explain the above description from linux.die.net.
One known method of escaping a chroot jail is to change the current working directory (CWD) to a directory outside the chroot jail using its file descriptor. This requires root privileges. I believe there is no way to break out of a chroot jail without root privilege. Chroot should not be used as a security measure unless it is well-configured and its vulnerabilities are well-understood.
Anyone who uses chroot for security should ensure it is well-tested against known attacks. I believe hiding information necessary to perform such tests is a parallel mindset to "security through obscurity". It aims to protect our information by attempting to keep our attackers ignorant, and ourselves as well as a side-effect. It is important that the security of our internet and information systems is based on knowledge and sound principle rather than self-imposed ignorance.
If you refer to the LQ rule about cracking with this, this has nothing to do with ignorance, it is because of legal issues.
Quote:
The clue is as below:
" http://linux.die.net/man/2/chroot "
"This call does not change the current working directory, so that after the call '.' can be outside the tree rooted at '/'. In particular, the superuser can escape from a 'chroot jail' by doing 'mkdir foo; chroot foo; cd ..'."
Note that this is in reference to the chroot system call (manual section 2), and not to the chroot command. While the chroot system call does not change the current working directory, the chroot command does do a chdir() into the jail, so the quoted method does not apply.
Thanks for making that distinction; however, the exploit is viable even when the current working directory was changed as well, as demonstrated here. A variation of the exploit might also apply to the chroot command. All that is necessary is a file descriptor for a directory outside of the chroot jail.
FWIW, here is a quotation from a post by Anton Chuvakin, Ph.D.:
"... the number of ways that root user can break out of chroot is huge. Starting from simple use of a chroot() call with no chdir() [see code below] to esoteric methods as the creation of your own /dev/hda or /dev/kmem devices, injection code into the running kernel (http://www.big.net.au/~silvio/runtim...m-patching.txt), using open directory handles outside chroot or chroot-breaking buffer overflows."
Quote:
Originally Posted by TobiSGD
If you refer to the LQ rule about cracking with this, this has nothing to do with ignorance, it is because of legal issues.
Are you sure it has nothing to do with ignorance? Regardless, whatever the motive and whoever the cause, the effect is a restriction on public and academic research in anti-security, which is more important to the field of security than to malicious hackers.
This may require a wee bit of explanation. Certain content becomes or may become a liability under the law so without having to test safe-harbor provisions LQ steers clear of certain topics. LQ for example does not condone circumvention of access restrictions as in digital rights management, network access or warez or those actively seeking for what we consider clear cases of "cracking": there are enough sites elsewhere on the 'net that do allow that kind of stuff.
To check if any posted content is in violation of the LQ Rules best use the report button on that post and ask moderators for a verdict.
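The points raised in the replies above (chroot(2) does not move the working directory, and a directory descriptor opened earlier still refers to a location outside the jail) seen from the hardening side, as an added example that is not code from the thread. `count_open_dir_fds` and `enter_jail` are hypothetical helper names, and the descriptor audit assumes a Linux `/proc`.

```c
#define _GNU_SOURCE
#include <dirent.h>
#include <grp.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Count this process's open descriptors that refer to directories.
 * Any such descriptor opened before chroot() still points outside the jail. */
int count_open_dir_fds(void)
{
    DIR *d = opendir("/proc/self/fd");
    struct dirent *e;
    int n = 0;
    if (d == NULL)
        return -1;
    while ((e = readdir(d)) != NULL) {
        struct stat st;
        int fd = atoi(e->d_name);
        if (e->d_name[0] == '.' || fd == dirfd(d))
            continue;                     /* skip ".", ".." and our scan handle */
        if (fstat(fd, &st) == 0 && S_ISDIR(st.st_mode))
            n++;
    }
    closedir(d);
    return n;
}

/* Hypothetical helper: returns 0 on success, or a negative code naming the failed step. */
int enter_jail(const char *dir, uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0)       return -1; /* staying root defeats the jail */
    if (count_open_dir_fds() != 0)  return -2; /* leaked (or uncheckable) directory fd */
    if (chdir(dir) != 0)            return -3; /* chroot(2) does not move the cwd */
    if (chroot(".") != 0)           return -4;
    if (chdir("/") != 0)            return -5;
    if (setgroups(0, NULL) != 0)    return -6; /* drop supplementary groups first */
    if (setgid(gid) != 0)           return -7;
    if (setuid(uid) != 0)           return -8;
    if (setuid(0) == 0)             return -9; /* root must not be recoverable */
    return 0;
}

int main(int argc, char **argv)
{
    if (argc != 4)
        return 2;                   /* usage: prog JAIL_DIR UID GID */
    return -enter_jail(argv[1], (uid_t)atoi(argv[2]), (gid_t)atoi(argv[3]));
}
```

The exit status is the number of the step that failed, so a non-zero result from a service wrapper identifies which part of the sequence was refused.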