From news@myrus.com Wed Aug 28 02:43:29 1996 Received: from xeno.myrus.com (root@xeno.myrus.com [206.47.216.11]) by suburbia.net (8.7.4/Proff-950810) with ESMTP id CAA16397 for ; Wed, 28 Aug 1996 02:42:07 +1000 Received: from myrus.com (gateway.myrus.com [206.47.216.10]) by xeno.myrus.com (8.7.4/8.7.3) with ESMTP id MAA25412 for ; Tue, 27 Aug 1996 12:41:38 -0400 Received: (from news@localhost) by myrus.com (8.7.5/8.7.3) id MAA08401; Tue, 27 Aug 1996 12:41:31 -0400 Path: fludd.myrus!news From: zblaxell@myrus.com (Zygo Blaxell) To: best-of-security@suburbia.net Subject: Re: BoS: Linux chmod (1) security hole Date: 27 Aug 1996 12:41:26 -0400 Organization: Smoke & Myrus Design, Inc. Lines: 32 Message-ID: <4vv8fm$86b@fludd.myrus> References: NNTP-Posting-Host: fludd.myrus In article , Elliot Lee wrote: >On Tue, 27 Aug 1996, Ivan Buttinoni - BOS wrote: > >> Environment: >> Linux 2.0.13 >> libc.so.5 => libc.so.5.2.18 >> gcc version 2.7.2 >> >> Action: >> bash# cd / >> bash# chroot /restricted/area /bin/bash >> shell-init: could not get current directory: getwd: cannot access parent >> directories >> >> Problem: >> After 'Action', I'm not in "/restricted/area", I'm in the real "/"! > >This is known "problem". You are supposed to cd /restricted/area before >chrooting to it. No, you're supposed to cd / after chrooting to it. Otherwise, '..' gives you a link to /restricted, from which you can obtain everything else. Hmmm...that may not be true of Linux these days; it's true of Solaris and (so I hear) most vendor OSes. -- Zygo Blaxell. Unix/soft/hardware guru, was for U of Waterloo CS Club, now for (name withheld by request). 10th place, ACM Intl Collegiate Programming Contest Finals, 1994. Admin Linux/TCP/IP for food, clothing, anime. Pager: 1 (613) 760 8572. "I gave up $1000 to avoid working on windoze... *sigh*" - Amy Fong