ftpd authentication [PATCH] ftpd: NOMMU/chroot fix

Morten Kvistgaard MK at pch-engineering.dk
Thu Jun 26 11:37:32 UTC 2014


>> ...
>> execve("proc/self/exe", ["ftpd", "-l", "/"], [/* 9 vars */]) = -1 ENOENT (No such file or directory) ...
>
>This is strange. Any ideas why this fails on your machine?

Yes, the fchdir(G.root_fd) is not enough to break the jail. (And it's not just my machine. It's all of our Ubuntu versions and all of our uClinux versions. Which made me assume that it was a general issue.)

There's a nice quote, I think: Ref: http://m.oschina.net/blog/113399. (One of the first hits on google. There're prolly better sources.)

===========================================


/* Partially break out of the chroot jail by doing an fchdir()
   This only partially breaks out of the chroot() jail since whilst
   our current working directory is outside the chroot jail, our
   root directory is still within it. Thus anything which refers to
   "/" will refer to files under the chroot point.
 */
        if (fchdir(dir_fd)<0) {
                fprintf(stderr, "Failed to fchdir - %s\n",
                        strerror(errno));
                exit(1);
        }

===========================================

You still need to set the root back in place. E.g.

chroot(".");


Slightly better source perhaps: http://linux-vserver.org/Secure_chroot_Barrier (Second hit in my google.)
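
The fchdir() step quoted above only works because a directory descriptor opened before the chroot() is still open afterwards. As an added example (not part of the original message and not BusyBox code), a daemon that must stay jailed can audit and close such descriptors just before calling chroot(); the function name audit_dir_fds and the 1024-descriptor fallback bound are assumptions of this sketch.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <dirent.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Return 1 if fd is open and refers to a directory, else 0. */
static int is_dir_fd(int fd)
{
    struct stat st;
    return fstat(fd, &st) == 0 && S_ISDIR(st.st_mode);
}

/* Count open directory descriptors; with close_them != 0, close each one.
 * Hypothetical helper: call it just before chroot() in a process that must stay jailed. */
int audit_dir_fds(int close_them)
{
    int count = 0;
    DIR *d = opendir("/proc/self/fd");
    if (!d) {                       /* no /proc: scan a bounded range (assumed limit) */
        for (int fd = 0; fd < 1024; fd++)
            if (is_dir_fd(fd)) { count++; if (close_them) close(fd); }
        return count;
    }
    struct dirent *e;
    while ((e = readdir(d)) != NULL) {
        char *end;
        long fd = strtol(e->d_name, &end, 10);
        if (end == e->d_name || *end != '\0' || fd == dirfd(d))
            continue;               /* skip ".", ".." and the scanner's own descriptor */
        if (is_dir_fd((int)fd)) { count++; if (close_them) close((int)fd); }
    }
    closedir(d);
    return count;
}

int main(void)
{
    int root_fd = open("/", O_RDONLY | O_DIRECTORY);  /* constructed: a saved root fd */
    if (root_fd < 0) return 1;
    printf("directory fds open: %d\n", audit_dir_fds(0));
    printf("closed: %d\n", audit_dir_fds(1));
    printf("remaining: %d\n", audit_dir_fds(0));
    return 0;
}
```

A process that deliberately keeps a root descriptor for a later re-exec cannot close it, so there the descriptor itself has to be treated as the thing to protect.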
