using chroot option for ntpd
Martin Pitt
martin.pitt at ubuntu.com
Sat Jul 23 15:37:28 CDT 2005
Hi!
Zach [2005-07-22 21:13 -0400]:
> The trick to making a chroot work is not providing any programs inside
> the chroot that can be used to escape it, and not providing a way to
> copy utilities to the system (which is the hard part). For example if
> the chroot contains mknod and the mount command (and dependencies)
> the attacker (after gaining access) would attempt to mount /dev/hda1
> to a mount point inside the chroot, at which point the attacker has
> effectively "escaped" the chroot.
You don't need to provide the usual programs in a chroot to escape.
You can e. g. mount a device using the system call mount(2).
Martin
--
Martin Pitt http://www.piware.de
Ubuntu Developer http://www.ubuntu.com
Debian Developer http://www.debian.org
More information about the ubuntu-devel
mailing list