Breaking out of a chroot() padded cell

klaus++ 8/09/2015

Breaking out of a chroot() padded cell
▻http://www.bpfh.net/simes/computing/chroot-break.html

This page details how the chroot() system call can be used to provide an additional layer of security when running untrusted programs. It also details how this additional layer of security can be circumvented.

Is #chroot a security feature? | Red Hat Security
▻https://securityblog.redhat.com/2013/03/27/is-chroot-a-security-feature

The basic idea is that you can run a process inside of a chroot where it will not have access to various system resources; however, chroot is not a security feature. Let’s find out why.

Best Practices for UNIX chroot() Operations
▻http://www.unixwiz.net/techtips/chroot-practices.html

Background
Breaking out of Jail
General principles
Other References

#sécurité #linux #serveur

klaus++