Date: Thu 07 Feb 2002 - 03:28:21 GMT
On Wednesday, 6 February 2002 at 20:35, Nick Craig-Wood wrote:
> I wrote a proof of concept exploit which will break any chroot
> provided the user that runs it has CAP_CHROOT. I'll email the exploit
> to you if you want.
Yes, please do.
> > If you did chdir("/") after the first chroot, subsequent chroot and
> > chdir("..") will not get you out.
> Unfortunately it will. Assume you've done all your chrooting magic.
> Now cd / (in the chroot). Chroot into /tmp. Your current working
> directory is now above your root directory. You can now cd .. with
> impunity and when you've got where you want to be, chroot ".".
Thanks, Jacques already explained it to me.