Subject: Re: Escaping a chroot jail
To: None <firstname.lastname@example.org>
From: Christos Zoulas <email@example.com>
Date: 07/14/2005 02:25:49

In article <20050713213438.GA14464@panix.com>,
Thor Lancelot Simon <firstname.lastname@example.org> wrote:
>On Wed, Jul 13, 2005 at 11:13:16PM +0200, Edgar Fuß wrote:
>> I discussed this with Wolfgang Solfrank last week, and he suggested
>> I might communicate it to the security officer, who in turn suggested
>> discussing it here:
>> Is everybody aware of the fact that you should be able to escape a chroot jail
>> (given root privileges and the ability to execute arbitrary code) simply
>> by doing a mknod() for the root file system's raw device inside the jail
>> and then emulating the file system?
>"Emulating" the file system?
He probably means accessing the root file system through the raw device
and using code that understands the filesystem format and can modify it.
[e.g. a copy of fsdb].
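
A defender-side check for the scenario discussed in this thread, as an added example that is not part of the original messages: it walks a jail directory and reports every device node it finds, marking block nodes whose device number matches a mounted host file system. The names `classify` and `audit_jail` are hypothetical, and matching is by block device number only, so raw (character) nodes are reported as plain devices for manual review.

```python
import os
import stat
import sys


def classify(mode, rdev, backing_devs):
    """Hypothetical helper: None for non-devices, else 'backing-fs' or 'device'."""
    if not (stat.S_ISBLK(mode) or stat.S_ISCHR(mode)):
        return None
    # A block node whose number equals the st_dev of a mounted file system
    # gives direct access to the storage underneath that file system.
    if stat.S_ISBLK(mode) and rdev in backing_devs:
        return "backing-fs"
    # Character (raw) nodes use different numbers on BSD systems, so they
    # cannot be matched this way; report them for manual review instead.
    return "device"


def audit_jail(jail_root, host_paths=("/",)):
    """Walk jail_root without following symlinks and list device nodes."""
    backing = {os.stat(p).st_dev for p in host_paths}
    backing.add(os.lstat(jail_root).st_dev)
    findings = []
    for dirpath, dirnames, filenames in os.walk(jail_root, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # entry vanished between listing and lstat
            kind = classify(st.st_mode, st.st_rdev, backing)
            if kind:
                typ = "b" if stat.S_ISBLK(st.st_mode) else "c"
                findings.append((path, typ, os.major(st.st_rdev),
                                 os.minor(st.st_rdev), kind))
    return findings


if __name__ == "__main__":
    # Usage: python audit_jail.py /path/to/jail
    for path, typ, major, minor, kind in audit_jail(sys.argv[1]):
        print(f"{kind:10} {typ} {major},{minor} {path}")
```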