There are lots of other ways for root to escape from a chroot jail.
For example: Take control of another process using ptrace, mknod a new
device, use the loopback filesystem to create new devices, mount /proc and
modify /dev/kmem, bind to privileged ports and escape over the network,
kill servers and re-bind to their addresses, mount a new filesystem,
bang on IPC or shared memory, load a loadable kernel module, directly
access hardware with iopl(), and so on.
Moreover, note that chrooted root processes can do lots of other harm:
kill all the rest of the processes on the box, set the time of day,
set the local hostname, reboot your machine, use sysctl to turn on
some dangerous option (e.g., IP forwarding), renice other processes,
and the like. This is probably not so good, either.
Chroot is a lot better than nothing, but it doesn't provide a
secure jail, especially not for root. However, the following
tools are intended to provide a secure jail, and may be of interest
to you: SubDomain (http://www.immunix.org/subdomain.html), Janus
(http://www.cs.berkeley.edu/~daw/janus/), and BSD's jail() system call
come to mind. Also, may I point you to the Linux Security Modules project
(http://lsm.immunix.org/)? I think you may find it of interest.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/