Escaping a Chroot Jail







Risk Rating:


A very well-documented method for escaping a chroot jail involves a few key components. First, it requires that the daemon, or user within the environment, be running as root, or that a vulnerability or some functionality allows it to assume root permissions. Second, it requires the creation of a new folder within the environment. The user or daemon then changes directories into that folder and sets that folder as the new chroot directory. Third, the user performs a cd .., escapes the chroot environment, and is now able to navigate the true file system and even has root access. This is a very bad state of affairs indeed.

In addition to the above-mentioned, well-known exploit, several others are worth mentioning:

• Load a kernel module (CAP_SYS_MODULE is required)

• Ptrace() code injection (see also Phrack 59)

• Mount syscall abuse to access virtual file systems (procfs, devfs, devpts) (CAP_SYS_ADMIN is required)

• Abuse sysctl() to set a fake modprobe path

• Others with uid=0: direct access to I/O ports, sniff network coms, impersonate a local service such as sshd or telnetd, or administer netfilter rules to do man-in-the-middle attacks on incoming and/or outgoing connections

• Others with uid!=0: exploit local services, exploit kernel vulnerabilities, and exploit application-specific entry points

However, in looking at the high-level steps involved in escaping the jail, it is evident that problems begin as soon as the user or daemon obtains root access and are further exacerbated by allowing the chroot() function to run from within the jail. This likely happened as a result of a programmer shortcut, a lack of foresight into the types of utilities included in the jail, a vulnerability in one of the applications, or poor configuration of the jail on setup. All are the result of human error or lack of proper administration.
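
An administrator can check for these conditions before they are abused. The following is an added example, not code from the original article: a Python audit of the text of /proc/<pid>/status for a jailed process, flagging uid 0 and the capabilities behind the routes listed above. The capability bit numbers come from linux/capability.h; the pairing of capabilities with the article's bullets, the function name audit_status, and the sample status dumps are this example's own assumptions and constructions.

```python
import re

# Linux capability bit numbers (linux/capability.h). Pairing each one with an
# escape route from the list above is this example's own mapping (assumption).
RISKY_CAPS = {
    12: ("CAP_NET_ADMIN", "administer netfilter rules"),
    13: ("CAP_NET_RAW", "sniff network traffic"),
    16: ("CAP_SYS_MODULE", "load a kernel module"),
    17: ("CAP_SYS_RAWIO", "direct access to I/O ports"),
    18: ("CAP_SYS_CHROOT", "call chroot() again from inside the jail"),
    21: ("CAP_SYS_ADMIN", "mount procfs/devfs/devpts"),
}

def audit_status(status_text):
    """Return a list of findings for one /proc/<pid>/status dump."""
    findings = []
    uid = re.search(r"^Uid:\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)", status_text, re.M)
    cap = re.search(r"^CapEff:\s+([0-9a-fA-F]+)", status_text, re.M)
    if not uid or not cap:
        raise ValueError("status text lacks a Uid or CapEff line")
    # Field order in the Uid line: real, effective, saved set, filesystem.
    real, eff, saved, _fs = (int(x) for x in uid.groups())
    if eff == 0:
        findings.append("effective uid is 0")
    elif 0 in (real, saved):
        # Privileges were only dropped temporarily; setuid(0) would succeed.
        findings.append("can regain uid 0 (real or saved uid is 0)")
    mask = int(cap.group(1), 16)
    for bit, (name, why) in sorted(RISKY_CAPS.items()):
        if mask & (1 << bit):
            findings.append(f"{name}: {why}")
    return findings

# Constructed samples (not captured from a real host).
ROOT_DAEMON = "Name:\tjailed-ftpd\nUid:\t0\t0\t0\t0\nCapEff:\t000001ffffffffff\n"
DROPPED = "Name:\tjailed-ftpd\nUid:\t1001\t1001\t1001\t1001\nCapEff:\t0000000000000000\n"
HALF_DROPPED = "Name:\tjailed-ftpd\nUid:\t1001\t1001\t0\t1001\nCapEff:\t0000000000040000\n"

if __name__ == "__main__":
    for label, text in [("root daemon", ROOT_DAEMON), ("fully dropped", DROPPED),
                        ("half dropped", HALF_DROPPED)]:
        print(label, "->", audit_status(text) or "no findings")
```

On a live host, pass it the contents of /proc/<pid>/status for each process running inside the jail; an empty result means the process has neither uid 0 nor any of the listed capabilities in its effective set.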
