Escaping my own chroot...

Jean-Paul Calderone exarkun at divmod.com
Wed Feb 11 11:35:32 EST 2009


On Wed, 11 Feb 2009 09:31:56 -0600, Nick Craig-Wood <nick at craig-wood.com> wrote:
>r0g <aioe.org at technicalbloke.com> wrote:
>>  I'm writing a linux remastering script in python where I need to chroot
>>  into a folder, run some system commands and then come out and do some
>>  tidying up, un-mounting proc & sys etc.
>>
>>  I got in there with os.chroot() and I tried using that to get back out
>>  but that didn't work so... is my script trapped in there forever now or
>>  is there an un-hacky way to escape?
>
>No!
>

If you still have root in the chroot (and you need root to get in there, so
it's not implausible that you will), then you can get out.  Googling for
"escape chroot" turns up lots of hits.  This page contains a fairly simple,
explicit description of how to get out of a chroot:

   http://www.bpfh.net/simes/computing/chroot-break.html

See the bulleted list in the "Breaking chroot()" section.  Since you also
control the process before the chroot happens, breaking out is even simpler
in your case (just open / before you chroot in the first place).  Forking
before doing the chroot may still be a good idea, but it's not the only
solution.

Jean-Paul
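
The two approaches named in the message above (open / before the chroot, or fork so that only a child chroots), sketched in Python as an added example that is not part of the original post. The helper names `temporary_chroot` and `run_chrooted_child` are hypothetical, and both need root to succeed.

```python
import os
from contextlib import contextmanager

# Hypothetical helper names; neither function comes from the thread.

@contextmanager
def temporary_chroot(new_root):
    """Chroot into new_root for the with-block, then return to the real root.

    Needs root (CAP_SYS_CHROOT). The descriptor on "/" is opened *before*
    chroot(), as the message suggests; it is the way back out.
    """
    real_root = os.open("/", os.O_RDONLY | os.O_DIRECTORY)
    saved_cwd = os.open(".", os.O_RDONLY | os.O_DIRECTORY)
    try:
        os.chroot(new_root)          # raises PermissionError without root
        try:
            os.chdir("/")            # do not leave the cwd outside the new root
            yield
        finally:
            os.fchdir(real_root)     # step back to the real root directory
            os.chroot(".")           # and make it this process's root again
            os.fchdir(saved_cwd)     # restore the original working directory
    finally:
        os.close(real_root)
        os.close(saved_cwd)


def run_chrooted_child(new_root, func):
    """Fork and chroot only in the child; the parent's root never changes.

    Returns the child's exit status: 0 if chroot and func() both succeeded.
    """
    pid = os.fork()
    if pid == 0:
        status = 1
        try:
            os.chroot(new_root)
            os.chdir("/")
            func()
            status = 0
        finally:
            os._exit(status)         # never fall back into the parent's code
    _, wait_status = os.waitpid(pid, 0)
    return os.WEXITSTATUS(wait_status) if os.WIFEXITED(wait_status) else -1
```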


