[14567] in bugtraq
Re: response to the bugtraq report of buffer overruns in imapd
daemon@ATHENA.MIT.EDU (Henrik Nordstrom)
Wed Apr 19 04:26:37 2000
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <38FCC258.24989AAE@hem.passagen.se>
Date: Tue, 18 Apr 2000 22:15:20 +0200
Reply-To: hno@HEM.PASSAGEN.SE
From: Henrik Nordstrom <hno@HEM.PASSAGEN.SE>
X-To: Mark Crispin <MRC@CAC.WASHINGTON.EDU>
To: BUGTRAQ@SECURITYFOCUS.COM
Mark Crispin wrote:
> Last but not least, I am very interested in Kris Kennaway's claim that "It may
> also be possible to break out of the chroot jail on some platforms." If true,
> it represents a huge root-level security hole on those platforms. I simply do
> not believe the claim. I would like to know if there is some substance to
> this claim, or if it was mere speculation.
If you can get root privileges inside the jail then breaking out is a
trivial matter on most systems.

On some systems you might be able to break out without root privileges
if there is a file handle open to outside the jail. Especially so if
there is a file descriptor to a directory.
--
Henrik Nordstrom
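
The two conditions named in the reply above (root inside the jail, and a descriptor left open on a directory) are what a daemon has to remove when it enters a chroot. The following is an added example, not part of the original message and not code from imapd; the helper names and the scan limit are assumptions made for illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE           /* for chroot() and setgroups() on glibc */
#endif
#include <grp.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <fcntl.h>
#include <unistd.h>

#define FD_SCAN_LIMIT 65536       /* constructed cap so the scan stays bounded */

/* Hypothetical helper: count open descriptors that refer to directories,
 * closing each one when do_close is nonzero.
 * Returns the count, or -1 if a close() fails. */
int scan_directory_fds(int do_close)
{
    long max = sysconf(_SC_OPEN_MAX);
    if (max < 0 || max > FD_SCAN_LIMIT)
        max = FD_SCAN_LIMIT;
    int found = 0;
    for (int fd = 0; fd < max; fd++) {
        struct stat st;
        if (fstat(fd, &st) != 0)          /* EBADF: descriptor not open */
            continue;
        if (!S_ISDIR(st.st_mode))
            continue;
        found++;
        if (do_close && close(fd) != 0)
            return -1;
    }
    return found;
}

/* Hypothetical helper: enter the jail, then give up root for good.
 * Must be called as root. Returns 0 on success, -1 on any failure,
 * including a request to stay uid 0 inside the jail. */
int enter_jail(const char *jail, uid_t uid, gid_t gid)
{
    if (scan_directory_fds(1) < 0)        /* no directory handle survives */
        return -1;
    if (chdir(jail) != 0 || chroot(".") != 0 || chdir("/") != 0)
        return -1;
    if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    if (setuid(0) == 0)                   /* root must not be recoverable */
        return -1;
    return 0;
}
```

Calling scan_directory_fds(0) from a daemon's startup self-check reports leaked directory descriptors without closing them, which is useful for catching the leak in testing.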