Mailinglist Archive: opensuse-security (520 mails)

RE: [suse-security] chroot
  • From: Boris Lorenz <bolo@xxxxxxx>
  • Date: Wed, 06 Dec 2000 12:47:42 +0100 (MET)
  • Message-id: <XFMail.001206124742.bolo@xxxxxxx>

If a compiler and certain programs are missing in a chroot jail it can be
considered reasonably safe. A possible way for an attacker to break out of such
a jail is to abuse setuid programs such as (older) versions of perl (which is
likely to exist on a webserver for cgi-scripts), or to exploit known
vulnerabilities of other binaries which reside in the chroot'ed area.

There are numerous exploits for other chroot'ed environments for services such
as ftp (see but I doubt whether
these can be adjusted to your situation. Anyway, take a close look at what you
put in the chroot area.

There's some paper discussing ways of escaping the chroot jail under which is quite

Boris <bolo@xxxxxxx>

On 05-Dec-00 Ralf Koch wrote:
> Hi.
> I've just a short question: Does anybody know how secure it is to
> chroot users in a small piece of my server tree?
> We want users to log in via ssh and work on a webserver (test scripts
> etc.). They shouldn't see each other; they shouldn't even know if they
> are on a real server or in a virtual space that seems and behaves in
> most cases like a server. To point it out: Is there a possibility to
> break up the chrooted environment or is it safe to let them log in?
> Thanks in advance
> *
> * Ihr Formel4-Team
> * mailto:info@xxxxxxxxxx
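
One way to act on the advice above to look closely at what goes into the chroot area, as an added example that is not part of the original thread: a shell function that lists setuid/setgid files and compilers or interpreters found inside a jail directory. The function name `audit_chroot` and the `TOOL_NAMES` list are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a chroot tree before letting users log in to it.
# TOOL_NAMES is an assumed, illustrative list of compilers and interpreters;
# extend it to match what your distribution ships.
TOOL_NAMES="gcc cc g++ c++ as ld make perl python python3 ruby tclsh"

# audit_chroot DIR
# Prints one finding per line as "<KIND> <path>", KIND in SETUID|SETGID|TOOL.
# Returns 0 when nothing is found, 1 when there are findings, 2 on bad usage.
audit_chroot() {
    jail=$1
    if [ ! -d "$jail" ]; then
        echo "audit_chroot: not a directory: $jail" >&2
        return 2
    fi

    findings=$(
        # -xdev keeps find on the jail's own filesystem (skips bind mounts, /proc).
        find "$jail" -xdev -type f -perm -4000 2>/dev/null | sed 's/^/SETUID /'
        find "$jail" -xdev -type f -perm -2000 2>/dev/null | sed 's/^/SETGID /'
        # Symlinks are included because tools are often installed as links.
        for name in $TOOL_NAMES; do
            find "$jail" -xdev \( -type f -o -type l \) -name "$name" 2>/dev/null |
                sed 's/^/TOOL /'
        done
    )

    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}

# Stand-alone use: sh audit_chroot.sh /path/to/jail
if [ "$#" -gt 0 ]; then
    audit_chroot "$1"
fi
```

Each reported file is a candidate for removal from the jail or for having its setuid/setgid bit cleared; an empty result does not by itself make the jail safe.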
