Talk:PRoot
Latest comment: 16 July 2014 by Cedric-vincent in topic Special paths
Special paths
Are /proc, /sys, and /dev accessible inside a proot?
- No paths from the actual rootfs are accessible in the guest rootfs, unless they are explicitly bound (c.f. -b, -R, and -S options).
Is privilege escalation possible?
- PRoot relies on ptrace, an unprivileged feature not known to be a privilege escalation vector. Moreover, the Linux kernel does not allow a ptraced process to gain privileges, even when it is legit (like with setuid binaries):
$ proot ping localhost ping: icmp open socket: Operation not permitted
$ proot -0 ping localhost ping: icmp open socket: Operation not permitted
- Although, it is possible to escape from a proot-ed environment, by killing proot explicitly for instance:
host-shell$ proot -R ubuntu-core-14.04-core-amd64 bash guest-shell$ xeyes & [1] 32284 guest-shell$ grep Tracer /proc/self/status TracerPid: 32278 guest-shell$ kill -9 32278 Killed
- In this example, "xeyes" process is still alive and not managed (ie. isolated) by proot anymore. This could be easily fixed but proot does not aim to be used for security purpose.
- I hope this helps. Regards,
- Cedric-vincent (talk) 19:37, 16 July 2014 (UTC)