chroot
Download
Skip this Video
Download Presentation
Chroot

Loading in 2 Seconds...

play fullscreen
1 / 14

Chroot - PowerPoint PPT Presentation


  • 116 Views
  • Uploaded on

Chroot. Zutao Zhu 10/30/2009. Outline. Task 1 - 4. Hard Link. ln ab.txt cd.txt. Symbolic Link. ln -s ab.txt cd.txt. File Descriptor. How does file descriptor be used? Capability! Use chroot() after fopen() Then fgetc(). chroot and chroot().

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Chroot' - tambre


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
chroot

Chroot

Zutao Zhu

10/30/2009

outline
Outline
  • Task 1 - 4
hard link
Hard Link
  • ln ab.txt cd.txt
symbolic link
Symbolic Link
  • ln -s ab.txt cd.txt
file descriptor
File Descriptor
  • How does file descriptor be used?
    • Capability!
  • Use chroot() after fopen()
    • Then fgetc()
chroot and chroot
chroot and chroot()
  • Read chroot command manual page and chroot() function manual page.
    • http://ss64.com/bash/chroot.html
    • http://linux.die.net/man/2/chroot
  • Think of the following behavior after chroot command and chroot() function
  • http://www.kegel.com/crosstool/current/chrootshell.c
how does su work
How does su work?
  • What files does su use when authenticating users?
  • http://www.linuxdocs.org/HOWTOs/User-Authentication-HOWTO/x101.html
get out with root privilege
Get out with root privilege
  • Get the root privilege within the jail
  • Copy a shell to the jail
  • Chown the shell to root
  • Chmod the shell to be set-uid
  • Prepare passwd and shadow files
  • Run the program from outside of the jail
break out of a chroot jail
Break out of a chroot jail
  • Background knowledge
    • Current working directory
    • Root directory
  • Most implementations of chroot() not changing the working directory of the process to within the directory the process is now chroot()ed in.
break out of a chroot jail1
Break out of a chroot jail
  • Strategy
    • Open the current working directory
    • Create a temporary directory in its current working directory
    • Change the root directory of the process to the temporary directory using chroot().
    • Perform chdir("..") calls many times to move the current working directory into the real root directory.
    • Change the root directory of the process to the current working directory, the real root directory, using chroot(".")
kill a process
Kill a process
  • The user inside the jail knows the pid of a process running outside of the jail
  • chroot(), chdir(), kill(pid, SIGKILL)
bonus question
Bonus question
  • “Using ptrace allows you to set up system call interception and modification at the user level. “, quoted from http://www.linuxjournal.com/article/6100
  • http://www.lxhp.in-berlin.de/lhpsysc0.html
reference
Reference
  • http://www.bpfh.net/simes/computing/chroot-break.html
  • http://ss64.com/bash/chroot.html
  • http://linux.die.net/man/2/chroot
  • http://www.linuxdocs.org/HOWTOs/User-Authentication-HOWTO/x101.html
ad