Escaping chroot jails

SLIDE 1

Escaping chroot jails

SLIDE 2

Why?

  • Chroot jails come up in writing exploits, CTF competitions, etc.
  • In the context of this class, a good intro to basic UNIX concepts

SLIDE 3

UNIX 101

  • “man man”
  • “man 2 chroot”
  • Users (UID 0 is root)
  • Tree of processes, with owners
    – pstree, ps, top
  • Tree of files and directories, with owners and permissions
    – ls, tree

SLIDE 4

Explore in the shell a little bit...

SLIDE 5
SLIDE 6

After you boot

  • Authentication

    – Ties a person to a process
    – Typically involves entering username and password

SLIDE 7

chroot jail

  • Intended to keep a process in its own root directory
    – E.g., to keep them out of /home directory
  • Not intended to keep a superuser who can run arbitrary code contained, but people try to use it for that
    – FreeBSD has a stronger jail concept, or use Linux Containers

SLIDE 8

Putting ourselves in a chroot jail...

SLIDE 9

Breaking out of it...

  • Build a new jail inside the one you're in
  • Request that the new jail be your jail
    – Okay because it's smaller and inside the one you're currently in
  • Ask to go anywhere you want in the system
    – Not a problem, because you're not in your jail anyway so you're not getting let out
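
The defensive counterpart to the steps above, as an added example (not code from these slides or from the referenced article): the escape needs a process that is still root inside the jail, so this C code enters the jail with the working directory inside it and then gives up root irreversibly. The name `enter_jail`, the default path `/var/empty` and UID/GID 65534 are assumptions made for the example.

```c
/* Added example: enter a chroot jail, then drop root for good. */
#define _DEFAULT_SOURCE 1
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

enum jail_err { JAIL_OK = 0, JAIL_ERR_ARGS, JAIL_ERR_CHDIR, JAIL_ERR_CHROOT,
                JAIL_ERR_DROP, JAIL_ERR_STILL_ROOT };

/* jail_dir, uid and gid are caller-supplied (hypothetical values in main). */
int enter_jail(const char *jail_dir, uid_t uid, gid_t gid)
{
    /* "Dropping" to UID/GID 0 would leave a superuser inside the jail. */
    if (jail_dir == NULL || uid == 0 || gid == 0)
        return JAIL_ERR_ARGS;

    /* chroot(2) does not change the working directory, so move into the
       jail first and reset to the new "/" afterwards. */
    if (chdir(jail_dir) != 0)
        return JAIL_ERR_CHDIR;
    if (chroot(".") != 0)
        return JAIL_ERR_CHROOT;
    if (chdir("/") != 0)
        return JAIL_ERR_CHDIR;

    /* Order matters: supplementary groups, then GID, then UID. After the
       UID is dropped the process can no longer change its groups. */
    if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return JAIL_ERR_DROP;

    /* Verify the drop cannot be undone: a process that can regain UID 0
       can call chroot(2) again. */
    if (setuid(0) == 0 || geteuid() == 0)
        return JAIL_ERR_STILL_ROOT;
    return JAIL_OK;
}

int main(int argc, char **argv)
{
    /* 65534 is commonly "nobody"; an assumption, not from the slides. */
    int rc = enter_jail(argc > 1 ? argv[1] : "/var/empty", 65534, 65534);
    if (rc != JAIL_OK) {
        fprintf(stderr, "enter_jail failed at stage %d\n", rc);
        return 1;
    }
    execl("/bin/sh", "sh", (char *)NULL);  /* must exist inside the jail */
    return 1;
}
```

Close any directory file descriptors opened before the call, since a descriptor that refers to a directory outside the jail can still be used with fchdir(2).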

SLIDE 10

Explore both versions of the C code...

SLIDE 11

References

  • https://filippo.io/escaping-a-chroot-jail-slash-1/