[ale] chroot and /proc?
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Tue Apr 1 17:16:31 EDT 2008
On Tue 2008-04-01 14:36:23 -0400, Brian Pitts wrote:
> You can only muck around in /proc if you have root access. It's my
> understanding that if you have root access, you can get out of a chroot.
Brian's got it here. If your daemon is running with superuser
privileges within the chroot, it can mount proc wherever and whenever
it wants anyway:
mkdir /wherever
mount -t proc proc /wherever
and then do whatever it wants to with it.
Furthermore, if yer daemon is compromised as the root user, it can do
nasty things like zero out your primary hard disk, chrooted or not:
mknod /proxy-for-hda b 3 0
dd if=/dev/zero of=/proxy-for-hda
/proc is really useful, and is well-locked-down from the kernel's
side. There are weaker links to worry about.
--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 826 bytes
Desc: not available
Url : http://mail.ale.org/pipermail/ale/attachments/20080401/9a9b0bf7/attachment-0001.bin
More information about the Ale
mailing list