On 3/18/08, olafBuddenhagen@gmx.net <olafBuddenhagen@gmx.net> wrote:
> I also find "secure chroot implementation" in the list. IMHO, the
> unsafety of chroot is not caused by passive translators. In fact,
> currently chroot is implemented totally at the client side by changing the
> INIT_PORT_CRDIR port maintained in Glibc. So, it is easy to escape
> from chroot by bypassing the file port resolving routine of Glibc, or
> just by modifying the CRDIR port. No need to exploit passive
> translators at all. We should first let the file server know and
> control chroot before making translators aware of it.
That's not true as far as I know. Of course, the process can easily
change its own idea of what the root directory is. But that doesn't
help escaping the chroot. To access anything outside the chroot, the
process needs a port to the outside filesystem...

You are right. I previously tried to hack the Glibc chroot routine to preserve the original root port before changing root, so that I could escape, but right, that is certainly what chroot considers and wants to prevent.
Regards,
Wei Shen
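The point Olaf makes above (a process may change what it calls its root, but without a port to the outside filesystem it still cannot name anything outside the chroot) can be shown with a small capability model. This is an added illustration written for this page, not Hurd or glibc code; the `Directory`, `Capability`, `Process` and `server_lookup` names and the in-memory tree are all constructed for the example. The server resolves every lookup relative to the handle the client presents, and `..` never climbs above that handle's directory, so re-pointing the client-side root changes nothing unless the client actually holds a handle to the outside tree.

```python
# Added illustration (not Hurd or glibc code): a toy model of path lookup
# in which the file server only resolves names relative to a capability
# (a "port") presented by the client.  All names here are constructed.

class Directory:
    """A directory node in a constructed in-memory tree."""
    def __init__(self, name, parent=None):
        self.name = name
        self.parent = parent
        self.entries = {}

    def add_dir(self, name):
        child = Directory(name, self)
        self.entries[name] = child
        return child

    def add_file(self, name, content):
        self.entries[name] = content
        return content


class Capability:
    """A handle to one directory; the only starting point a lookup accepts."""
    def __init__(self, directory):
        self.directory = directory


def server_lookup(cap, relpath):
    """Resolve relpath starting from cap.directory (server side).

    '..' never climbs above the capability's own directory, so a client
    holding only a jail capability cannot reach the parent tree, whatever
    it believes its root to be.
    """
    node = cap.directory
    for comp in relpath.split("/"):
        if comp in ("", "."):
            continue
        if not isinstance(node, Directory):
            raise NotADirectoryError(comp)
        if comp == "..":
            if node is not cap.directory:
                node = node.parent
            continue
        if comp not in node.entries:
            raise FileNotFoundError(relpath)
        node = node.entries[comp]
    return node


class Process:
    """Client side: an INIT_PORT_CRDIR-style root capability the client may
    change at will, mirroring the client-side chroot described in the thread."""
    def __init__(self, crdir):
        self.crdir = crdir

    def open_path(self, path):
        # An absolute path starts at whatever handle the client calls its
        # root; the server still resolves only within that handle.
        return server_lookup(self.crdir, path.lstrip("/"))


def build_tree():
    """Constructed sample tree: /etc/passwd outside, /jail/hello inside."""
    root = Directory("/")
    etc = root.add_dir("etc")
    etc.add_file("passwd", "root:x:0:0")
    jail = root.add_dir("jail")
    jail.add_file("hello", "inside")
    return root, jail


def demo():
    root, jail = build_tree()
    jailed = Process(Capability(jail))
    results = {"inside": jailed.open_path("/hello")}
    try:
        jailed.open_path("/../etc/passwd")
        results["escape"] = "reached"
    except FileNotFoundError:
        results["escape"] = "denied"
    # Re-pointing the client's own root at another handle to the same
    # directory changes nothing: the server resolves against the handle.
    jailed.crdir = Capability(jail)
    try:
        jailed.open_path("/../../etc/passwd")
        results["escape_after_rebind"] = "reached"
    except FileNotFoundError:
        results["escape_after_rebind"] = "denied"
    # Only a process that actually holds a capability to the outside tree can
    # name it, which is why the original root port must not be retained.
    results["holder_of_root"] = Process(Capability(root)).open_path("/etc/passwd")
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The model deliberately puts the `..` clipping in `server_lookup` rather than in the client: that is the "let the file server know and control chroot" direction the thread argues for, and it is what makes the client-side `crdir` rebinding harmless.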