
chroot syscall spoofing

Open samliddicott opened this issue 7 years ago • 3 comments

proot passes through chroot syscall, with appropriate path fixups.

Can proot alternatively spoof the chroot syscall? For cases where proot is needed, chroot is often not available.

It would mean tracking a chroot path to always be suffixed to the root path (of the -r option).

The chroot syscall argument when an absolute path would be normalised so that excess .. cannot escape above the root, and then stored in the chroot field.

The chroot syscall argument when a relative path to cwd can escape the chroot but not into or via the root path (-r).

The same rules would apply to other path translations, but root and chroot elements would be used; though I guess they could just accept the concatenation of those elements -- which perhaps indeed could be one field, with the chroot path being a pointer partway into that field.

samliddicott, Sep 16 '16 13:09

Hi there, you could achieve this with an extension that acts in 2 steps:

  1. Intercept the chroot system call through the SYSCALL_ENTER_END event in order to remember the argument given to chroot, and also disable the system call itself because you want to spoof it and not let it return an error.
  2. Change and check all paths through the GUEST_PATH and HOST_PATH events (see here for what they mean). With these you can append the chroot argument and verify if it holds or is invalid.

The only issue I see here is with detecting when the chroot jail is stopped. Maybe by detecting when Ctrl + C or exit are typed in. If you have control over the program that uses PRoot, you could spark a certain event yourself that it could use as a stop command.

vincenthage, Dec 03 '16 18:12
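The absolute-path rule from the opening post and the path-translation step from the reply above, as an added stand-alone C sketch (not PRoot code and not posted by anyone in this thread). The names `normalise_abs`, `jail_join`, `spoof_chroot`, `translate` and `PMAX` are hypothetical; the normalisation is purely lexical, so it assumes symlinks are resolved elsewhere, and it covers only an absolute chroot argument.

```c
#include <stdio.h>
#include <string.h>
#define PMAX 4096 /* size of every path buffer (assumed limit) */
/* Lexical normalisation: ".." is clamped at "/"; symlinks are not resolved. */
int normalise_abs(const char *path, char *out, size_t outsz) {
    size_t len = 0;
    if (path[0] != '/' || outsz < 2) return -1;
    while (*path) {
        while (*path == '/') path++;               /* skip separators */
        size_t n = strcspn(path, "/");             /* next component */
        if (n == 2 && path[0] == '.' && path[1] == '.') {
            while (len > 0 && out[--len] != '/') ; /* pop, clamp at "/" */
        } else if (n > 0 && !(n == 1 && path[0] == '.')) {
            if (len + 1 + n >= outsz) return -1;
            out[len++] = '/';
            memcpy(out + len, path, n);
            len += n;
        }
        path += n;
    }
    if (len == 0) out[len++] = '/';
    out[len] = '\0';
    return 0;
}

/* Guest path -> path relative to the -r root; ".." is clamped at the jail. */
int jail_join(const char *jail, const char *guest, char *out, size_t outsz) {
    char norm[PMAX], tmp[2 * PMAX];
    if (normalise_abs(guest, norm, sizeof norm) < 0 ||
        snprintf(tmp, sizeof tmp, "%s%s", jail, norm) >= (int)sizeof tmp)
        return -1;
    return normalise_abs(tmp, out, outsz);
}

/* Spoofed chroot(2), absolute argument: nest the stored jail (PMAX bytes). */
int spoof_chroot(char *jail, const char *arg) {
    char next[PMAX];
    if (jail_join(jail, arg, next, sizeof next) < 0) return -1;
    strcpy(jail, next);
    return 0;
}

/* Path translation: host = root + jail + normalised guest path. */
int translate(const char *root, const char *jail, const char *guest,
              char *host, size_t hostsz) {
    char rel[PMAX];
    if (jail_join(jail, guest, rel, sizeof rel) < 0) return -1;
    int n = snprintf(host, hostsz, "%s%s", root, strcmp(rel, "/") ? rel : "");
    return (n < 0 || (size_t)n >= hostsz) ? -1 : 0;
}
```

Because the guest path is normalised before the jail is prefixed, a second spoofed `chroot("/..")` leaves the stored jail unchanged.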

The chroot jail is stopped when chroot is called on a relative directory (usually one opened and saved before chroot) and the chroot is set to another alternative absolute path -- usually /.

(I'm assuming that each process gets its own state, that is forked, and preserved on exec)

samliddicott, Dec 06 '16 15:12

Any update on this?

AkihiroSuda, Jan 11 '18 06:01