The Savannah Compromise - what really happened?
Posted Jan 2, 2004 5:24 UTC (Fri) by dlang
In reply to: The Savannah Compromise - what really happened?
Parent article: The Savannah Compromise - what really happened?
If you are root inside a chroot jail and the chroot has access to /proc, or anything in the chroot has access to file handles pointing outside the jail, or the system will honor raw access to a device from within that jail, then the attacker has a way out of the jail.
The biggest problem is that even if you don't put any software in the chroot, the attacker can install their own, so they can then issue the mount command (along with the correct device info) to the kernel, and the kernel will allow the access because you are root.
Using chroot can't prevent an attacker from getting into a system, but it is one more thing that they need to deal with to really get control of the system (and the more you strip down the chroot sandbox, the more work it takes to break out and the less vulnerable you are to automated attacks).
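The three escape enablers the comment lists (a /proc view inside the tree, device nodes usable for raw access, and open file handles that point outside the jail) can be checked for before a service is confined. The following audit script is an added example written for this page, not code from the comment author, LWN or the Savannah project; the helper names, the constructed mounts text and the constructed descriptor table are assumptions, and the confinement sequence at the end needs root to run, which is why the comment's mitigation (do not stay root inside the jail) is expressed there as dropping to an unprivileged uid.

```python
"""Audit a directory intended as a chroot for the escape enablers named in
the comment: /proc (or sysfs/devtmpfs) mounted inside it, device nodes in
the tree, and open descriptors of the current process that resolve outside
it. Function names are hypothetical; sample data below is constructed."""
import os
import stat


def _inside(path, root):
    """True if path lies at or below root (both absolute, root normalised)."""
    root = os.path.abspath(root).rstrip("/") or "/"
    if root == "/":
        return path.startswith("/")
    return path == root or path.startswith(root + "/")


def find_device_nodes(root):
    """Block/char device nodes under root; lstat so symlinks are not followed."""
    found = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue
            if stat.S_ISBLK(st.st_mode) or stat.S_ISCHR(st.st_mode):
                found.append(path)
    return found


def find_mounts_under(mounts_text, root, fstypes=("proc", "sysfs", "devtmpfs")):
    """Parse /proc/self/mounts-format text; return (mountpoint, fstype) for
    host-revealing filesystems mounted inside root."""
    hits = []
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue
        mountpoint, fstype = fields[1], fields[2]
        if _inside(mountpoint, root) and fstype in fstypes:
            hits.append((mountpoint, fstype))
    return hits


def fds_outside(root, fd_targets):
    """Given {fd: resolved target}, return the descriptors whose target is a
    filesystem path outside root. Non-path targets (sockets, pipes) are skipped."""
    return {fd: target for fd, target in fd_targets.items()
            if target.startswith("/") and not _inside(target, root)}


def current_fd_targets():
    """Resolve this process's open descriptors via /proc/self/fd (Linux only)."""
    targets = {}
    fd_dir = "/proc/self/fd"
    if not os.path.isdir(fd_dir):
        return targets
    for name in os.listdir(fd_dir):
        try:
            targets[int(name)] = os.readlink(os.path.join(fd_dir, name))
        except (OSError, ValueError):
            continue
    return targets


def audit_chroot(root, mounts_text=None, fd_targets=None):
    """Return a list of human-readable findings; empty means none of the three
    enablers was observed for this tree and this process."""
    findings = ["device node inside chroot: %s" % p for p in find_device_nodes(root)]
    if mounts_text is None and os.path.exists("/proc/self/mounts"):
        with open("/proc/self/mounts") as f:
            mounts_text = f.read()
    for mountpoint, fstype in find_mounts_under(mounts_text or "", root):
        findings.append("%s mounted inside chroot at %s" % (fstype, mountpoint))
    if fd_targets is None:
        fd_targets = current_fd_targets()
    for fd, target in sorted(fds_outside(root, fd_targets).items()):
        findings.append("fd %d points outside chroot: %s" % (fd, target))
    return findings


def confine(root, uid, gid):
    """Enter root and drop privileges; order matters: chdir before chroot so the
    cwd cannot stay outside, then give up root so mount()/mknod() are refused.
    Requires root to call, so it is not exercised by the sample run below."""
    os.chdir(root)
    os.chroot(root)
    os.chdir("/")
    os.setgroups([])
    os.setgid(gid)
    os.setuid(uid)


# Constructed sample input: a jail at /srv/jail with /proc mounted inside it,
# and a process holding a terminal and a host log file open.
SAMPLE_MOUNTS = ("/dev/sda1 / ext4 rw 0 0\n"
                 "proc /proc proc rw 0 0\n"
                 "proc /srv/jail/proc proc rw 0 0\n")
SAMPLE_FD_TARGETS = {0: "/dev/pts/0", 3: "/srv/jail/etc/passwd",
                     4: "/var/log/auth.log", 5: "socket:[1234]"}


def demo():
    return audit_chroot("/srv/jail", SAMPLE_MOUNTS, SAMPLE_FD_TARGETS)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Run against a real tree the script reads the live mounts table and the calling process's descriptors, so it is most useful when executed by the same process just before it calls confine(); the sample run reports the /proc mount and the two host-side descriptors and says nothing about fd 3, which already resolves inside the jail.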