
Aeiri 02-21-2005 10:21 PM

Breaking out of Chroot
Does anyone know if this has been fixed with newer versions of Linux? If so, which versions are required?

Capt_Caveman 02-26-2005 02:10 PM

I'm not sure if these have been directly addressed in recent kernel versions, but I do know that the original SELinux framework prevents fchdir() chroot attacks because the type security labels won't allow access outside of the chroot. However, SELinux is still not fully mature and I'm not sure how much of this has been integrated yet. If you're trying to lock down your chroot, take a look at grsecurity. It has some really nice features that prevent fchdir(), pivot_root, double chroot, as well as a number of other restrictions.
