Breaking out of chroot

From: Måns Rullgård (mru_at_users.sourceforge.net)
Date: 08/25/03

• Next message: Gianni Mariani: "Re: What protects Unices from Virus like attacks ??"
• Previous message: Teggy P Veerapen: "Solaris make to process recursive macro"
• In reply to: Lew Pitcher: "Re: What protects Unices from Virus like attacks ??"
• Next in thread: Floyd Davidson: "Re: Breaking out of chroot"
• Reply: Floyd Davidson: "Re: Breaking out of chroot"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---

Date: Mon, 25 Aug 2003 17:36:14 +0200

Lew.Pitcher@td.com (Lew Pitcher) writes:

>>> How do you get out of a chroot ?
>>
>>First, you need to gain root access.
>
> OK, Måns, Two things:
> 1. How do you gain root access? Especially while in a chroot jail?

Presumably through some bug in a program. You will object this is
supposed to be impossible, but it is supposed to be equally impossible
to gain root privileges outside of a chroot. If that were true, why
would we bother with chroot in the first place? Since exploits
obviously exist, what is to prevent them from existing inside the
chroot. Admittedly, the risk of having a buggy program inside the
chroot is smaller, since there are typically less programs there, and
putting SUID root programs in there wouldn't be very wise. Still,
there could be kernel bugs, and these are always present.

> 2. So, you're not saying that a chroot jail is escapable /on it's own/.
> You're saying that a chroot jail is escapable if you can break other
> security measures while in a chroot jail.

Well, wasn't the point of the chroot jail to protect the system, even
if security is broken inside? I only showed that chroot is useless
for this purpose.

-- 
Måns Rullgård
mru@users.sf.net

---

• Next message: Gianni Mariani: "Re: What protects Unices from Virus like attacks ??"
• Previous message: Teggy P Veerapen: "Solaris make to process recursive macro"
• In reply to: Lew Pitcher: "Re: What protects Unices from Virus like attacks ??"
• Next in thread: Floyd Davidson: "Re: Breaking out of chroot"
• Reply: Floyd Davidson: "Re: Breaking out of chroot"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---

Relevant Pages Re: What protects Unices from Virus like attacks ?? ... you need to gain root access. ... OK, Måns, Two things: ... Especially while in a chroot jail? ... you're not saying that a chroot jail is escapable /on it's own/. ... (comp.unix.questions) Re: What protects Unices from Virus like attacks ?? ... you need to gain root access. ... OK, Måns, Two things: ... Especially while in a chroot jail? ... you're not saying that a chroot jail is escapable /on it's own/. ... (comp.unix.programmer) Re: Breaking out of chroot ... Especially while in a chroot jail? ... >to gain root privileges outside of a chroot. ... in the security system. ... (comp.unix.programmer) Breaking out of chroot ... you need to gain root access. ... Especially while in a chroot jail? ... to gain root privileges outside of a chroot. ... Måns Rullgård ... (comp.unix.programmer) Re: Need advice on setting of an SSH server for untrusted users ... > I've just set up an ssh server so that my customers can download code ... I've set up ssh so that it requires rsa authentication. ... There is a patch for openssh that will cause it to do a chroot like ... The issue with a chroot jail for ssh is that you have to hand-roll the ... (comp.os.linux.security)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• Mailing-Lists
• Newsgroups
• About
• Privacy
• Search
• Imprint

unix.derkeiler.com  > Newsgroups  > comp.unix.questions  > 2003-08