Re: OT? Are chroots immune to buffer overflows?

From: Jose Nazario (joseat_private)
Date: Wed May 22 2002 - 10:50:49 PDT


    chroot() and jail() cells are not perfect. while you have reduced the
    number of moving parts, parts vulnerable to buffer overflows, you are
    still going to have some code that is quite possibly exploitable, via a
    {buffer|stack|heap} overflow, a format string exploit, configuration
    issue, what have you. accept this as fact. it is, after all, why you put
    the code in the restricted environment, to minimize the damage that will
    come when it is abused.
    
    getting out of such an environment is well documented. here are some great
    pages on the subject:
    
    	http://www.bpfh.net/simes/computing/chroot-break.html
    	http://lists.jammed.com/pen-test/2001/07/0134.html
    	http://www.linuxsecurity.com/feature_stories/feature_story-99.html
    	http://www.linuxgazette.com/issue30/tag_chroot.html
    	http://archives.neohapsis.com/archives/nfr-wizards/1997/11/0091.html
    	http://lsd-pl.net/papers.html
    
    search packetstormsecurity.org, etc ... it's not perfect, but well done it's
    a severe impediment to abusing the system outright.
    
    ___________________________
    jose nazario, ph.d.			joseat_private
    					http://www.monkey.org/~jose/
    


