using chroot option for ntpd
Martin Pitt
martin.pitt at ubuntu.com
Sat Jul 23 18:35:52 CDT 2005
Hi!
Zach [2005-07-23 17:27 -0400]:
> But you still need the device node to mount or else have mknod, right?
So what, use mknod(2) to create it. :-)
> At any rate chrooting a service running as root, I do not believe is
> a pointless endeavor. Am I wrong on this?
mount(2) should work in most cases. Another method is to call fchdir()
on an open file descriptor that lives outside the chroot, then call
chdir("..") a couple of times, and then call chroot("."). This works
for processes that communicate with the outside world; if that is not
the case, then you can even create your own fake "outside directory" by
creating a directory, opening it, chrooting into it, and then using
the descriptor of that directory as your "outside file".
I have heard that there are some more ways to break out which involve
shared memory and pivot_root(), but I don't know the details of these.
Google should help. :-)
Kernel patches like grsecurity have some very cool counter measures
against breaking out of a chroot, which make escaping at least much
harder. With the default Linux kernel there is no hope, though; root
is just almighty.
Martin
--
Martin Pitt http://www.piware.de
Ubuntu Developer http://www.ubuntu.com
Debian Developer http://www.debian.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.ubuntu.com/archives/ubuntu-devel/attachments/20050724/a7bce750/attachment.pgp
More information about the ubuntu-devel
mailing list