从内部检测chroot监狱 [英] Detecting a chroot jail from within

问题描述

如何在没有root特权的情况下检测到处于chroot监狱中?假设一个标准的BSD或Linux系统.我想到的最好的办法是查看"/"的inode值，并考虑它是否相当低，但是我想要一种更准确的检测方法.

How can one detect being in a chroot jail without root privileges? Assume a standard BSD or Linux system. The best I came up with was to look at the inode value for "/" and to consider whether it is reasonably low, but I would like a more accurate method for detection.

[edit 20080916 142430 EST]仅浏览文件系统是不够的，因为复制/boot和/dev之类的东西来欺骗被监禁的用户并不困难.

[edit 20080916 142430 EST] Simply looking around the filesystem isn't sufficient, as it's not difficult to duplicate things like /boot and /dev to fool the jailed user.

[edit 20080916 142950 EST]对于Linux系统，检查/proc中的意外值是合理的，但是首先不支持/proc的系统呢?

[edit 20080916 142950 EST] For Linux systems, checking for unexpected values within /proc is reasonable, but what about systems that don't support /proc in the first place?

推荐答案

/的inode如果它是文件系统的根目录，则将始终为2，但是您可能会在完整的文件系统中使用chroot.如果只是chroot(而不是其他一些虚拟化)，则可以运行mount，并将已挂载的文件系统与看到的内容进行比较.验证每个安装点都有索引节点2.

The inode for / will always be 2 if it's the root directory of a filesystem, but you may be chrooted inside a complete filesystem. If it's just chroot (and not some other virtualization), you could run mount and compare the mounted filesystems against what you see. Verify that every mount point has inode 2.

这篇关于从内部检测chroot监狱的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！