Escaping my own chroot...

Christian Heimes lists at cheimes.de
Wed Feb 11 09:26:31 CET 2009


Dennis Lee Bieber schrieb:
> 	That's the whole purpose of chroot()... As far as the process is
> concerned, the chroot() path is now the top of the file system, so there
> is no where above it you can get to...

Yes, you can get with some hacks.

> chroot() is meant for cases where one may be running a server or such
> that should not permit any outside hacks from reaching above its level.
> Typically one creates a minimal environment of just those commands and
> programs needed by users of the server -- you remove anything that
> offers privileged ability.
> 
> chdir() would be used to change the current directory of the process, so
> any spawned commands would operate in the new directory by default

chroot() must not be understood as a security mechanism like BSD's jail.
   A process can still access resources outside the chroot. Unless the
process drops it's root privileges with setuid() ASAP the process can
escape the chroot'ed environment, too.

chroot() can help with increasing security but it's not bullet proof. By
the way it's a bad idea to mount proc and sys inside a chroot ...

Christian



More information about the Python-list mailing list