Subject: Re: chroot(2)
To: der Mouse <mouse@Rodents.Montreal.QC.CA>
From: Warner Losh <imp@village.org>
List: tech-kern
Date: 10/05/1998 16:46:22
In message <199810021351.JAA21240@Twig.Rodents.Montreal.QC.CA> der Mouse writes:
: Something else - the only ways out of a chroot jail I know of depend on
: already having a file descriptor open on a directory outside the jail.
: Assuming you're in the jail without such an fd, it is possible to
: create such a situation if you can chroot to a subdirectory within the
: jail. As it stands, that requires cracking root within the jail....
This is one of the multitude of problems that exist for chroot.
The other is that you can create dev entries and thus gain access to
the entire machine.
Add to the list presented so far:
Shouldn't be able to load modules into the kernel.
Warner