From: edward_at_paradigm4.com.au
Date: Thu 07 Feb 2002 - 03:28:21 GMT

• Next message: Philip Snyder: "[vserver] Kill script"
• Previous message: edward_at_paradigm4.com.au: "Re: [vserver] Re: [useradd] Adding user fails in vserver"
• In reply to: Nick Craig-Wood: "Re: [vserver] Re: [useradd] Adding user fails in vserver"
• Next in thread: edward_at_paradigm4.com.au: "Re: [vserver] Re: [useradd] Adding user fails in vserver"

On Wednesday, 6 February 2002 at 20:35, Nick Craig-Wood wrote:

> I wrote a proof of concept exploit which will break any chroot
> provided the user that runs it has CAP_CHROOT. I'll email the exploit
> to you if you want.

yes please do.

> > If you did chdir("/") after the first chroot, subsequent chroot and
> > chdir("..") will not get you out.
>
> Unfortunately it will. Assume you've done all your chrooting magic.
> Now cd / (in the chroot). Chroot into /tmp. Your current working
> directory is now above your root directory. You can now cd .. with
> impunity and when you've got where you want to be, chroot ".".

Thanks, Jacques already explained it to me.

Ed

• Next message: Philip Snyder: "[vserver] Kill script"
• Previous message: edward_at_paradigm4.com.au: "Re: [vserver] Re: [useradd] Adding user fails in vserver"
• In reply to: Nick Craig-Wood: "Re: [vserver] Re: [useradd] Adding user fails in vserver"
• Next in thread: edward_at_paradigm4.com.au: "Re: [vserver] Re: [useradd] Adding user fails in vserver"