What chroot() is really for
What chroot() is really for
Posted Oct 5, 2007 15:47 UTC (Fri) by jond (subscriber, #37669)In reply to: What chroot() is really for by Klavs
Parent article: What chroot() is really for
Non-executable /tmp can be trivially circumvented by calling the loader with your binary as an argument.
Posted Oct 5, 2007 22:04 UTC (Fri)
by giraffedata (guest, #1954)
[Link]
Then you'd probably want to make sure that loader isn't present in your chroot jail. I assume you're talking about glibc's ld-linux.so, which is an essential part of running programs that use dynamically linked libraries. Chroot jails I've seen have statically linked programs and don't need it.
Incidentally, if this is really an issue -- people want to have shared libraries within a chroot jail and still stop people from running programs they created themselves in /tmp -- it would not be hard to disable ld-linux.so's ability to run programs like that. The ability to exec ld-linux.so is a frill added to its basic function as a Linux program interpreter that runs when you exec something else.
Posted Oct 11, 2007 8:48 UTC (Thu)
by tbleher (guest, #48307)
[Link]
That was true some years ago. Nowadays ld-linux.so fails if it is called
What chroot() is really for
Non-executable /tmp can be trivially circumvented by calling the loader with your binary as an argument.
> Non-executable /tmp can be trivially circumvented by calling the loaderWhat chroot() is really for
> with your binary as an argument.
on a binary on a non-executable mount.