Subject: Re: Escaping a chroot jail
To: None <>
From: Christos Zoulas <>
List: tech-security
Date: 07/14/2005 02:25:49
In article <>,
Thor Lancelot Simon  <> wrote:
>On Wed, Jul 13, 2005 at 11:13:16PM +0200, Edgar Fuß wrote:
>> I discussed this with Wolfgang Solfrank last week, and he suggested
>> I might communicate it to the security officer, who in turn suggested
>> discussing it here:
>> Is everybody aware of the fact that you should be able to escape a chroot jail
>> (given root privileges and the ability to execute arbitrary code) simply
>> by doing a mknod() for the root file system's raw device inside the jail
>> and then emulating the file system?
>"Emulating" the file system?

He probably means accessing the root file system through the raw device
and using code that understands the filesystem format and can modify it.
[e.g. a copy of fsdb].
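
Added example, not part of the original message or of any NetBSD tool: a defender-side audit that walks a chroot tree and reports block or character device nodes, marking block nodes whose device number matches a host file system. The ALLOWED list and the function names are assumptions made for this sketch.

```python
import os
import stat
import sys

# Assumption: device nodes this jail legitimately needs, relative to its root.
ALLOWED = {"dev/null", "dev/zero"}

def classify(st, host_devs):
    """Return None for non-device files, else a dict describing the node."""
    if stat.S_ISBLK(st.st_mode):
        kind = "block"
    elif stat.S_ISCHR(st.st_mode):
        kind = "char"
    else:
        return None
    return {
        "kind": kind,
        "major": os.major(st.st_rdev),
        "minor": os.minor(st.st_rdev),
        # st_dev of a mounted file system is its block device number. A raw
        # (character) disk node on BSD has a different number, so it is never
        # marked here; every unexpected node is still reported by audit().
        "backs_host_fs": kind == "block" and st.st_rdev in host_devs,
    }

def audit(jail, host_paths=("/",), allowed=ALLOWED):
    """List device nodes under jail that are not in the allowed set."""
    host_devs = {os.stat(p).st_dev for p in host_paths}
    findings = []
    for dirpath, dirnames, filenames in os.walk(jail, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: never follow a symlink out of the jail
            except OSError:
                continue
            rel = os.path.relpath(path, jail)
            hit = classify(st, host_devs)
            if hit and rel not in allowed:
                findings.append({"path": rel, **hit})
    return findings

if __name__ == "__main__":
    for f in audit(sys.argv[1] if len(sys.argv) > 1 else "."):
        flag = "  <-- matches a host file system" if f["backs_host_fs"] else ""
        print(f'{f["kind"]:5} {f["major"]},{f["minor"]}  {f["path"]}{flag}')
```

A scan only sees nodes that exist when it runs; it does not stop a root process inside the jail from creating one later.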