Escaping chroot or Sandbox

Privilege separation can be implemented with a sandboxing strategy in which users interact with a virtualized environment provided by software running on the system, instead of interacting directly with system components. There are, however, strategies for “escaping” such virtual environments and gaining access to the underlying system components.

Attack Vector

This category focuses on finding a vulnerability in a specific piece of software. In order to perform this attack, the attacker must be inside a sandbox that contains a vulnerability. These vulnerabilities can range from simple misconfigurations to highly complex software security issues.


The impact can range from mild information leakage to full arbitrary code execution. The impact is determined by the nature of the vulnerability as well as the placement of the vulnerable software. Known vulnerabilities are often filed under a vulnerability category or even with an “impact score”.


Preventing sandbox breakout is mostly a software security issue. Proper configuration of the chroot (or other sandboxing software) is also important.
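As an added example of the configuration side (this script is not from the original page), the following POSIX shell function audits a chroot tree for three weaknesses that a typical hardening checklist (assumed here, not taken from the page) tells you to remove before exposing the jail: setuid/setgid executables, device nodes, and world-writable directories without the sticky bit. It prints each finding and returns the number found, so it can be run against a staging copy of the jail before deployment.

```shell
#!/bin/sh
# Added example: audit a chroot directory for common configuration weaknesses.
# The checklist is an assumption (a typical hardening list), not from the page.

# report LABEL FIND-ARGS... : print each match of the find expression with
# LABEL and return how many matches there were.
report() {
    label="$1"; shift
    n=0
    # The heredoc keeps the while loop in the current shell so $n survives.
    while IFS= read -r path; do
        [ -n "$path" ] || continue
        echo "$label: $path"
        n=$((n + 1))
    done <<EOF
$(find "$@" 2>/dev/null)
EOF
    return "$n"
}

# audit_chroot DIR : print findings and return their total count (0 = clean).
audit_chroot() {
    root="$1"
    total=0
    if [ ! -d "$root" ]; then
        echo "not a directory: $root" >&2
        return 255
    fi

    # 1. setuid/setgid files: a jailed user can regain privileges that a
    #    properly dropped process should no longer have.
    report "setuid/setgid file" "$root" -type f \( -perm -4000 -o -perm -2000 \)
    total=$((total + $?))

    # 2. block/char device nodes: they expose kernel interfaces (disks,
    #    memory, terminals) that the jail is meant to hide.
    report "device node" "$root" \( -type b -o -type c \)
    total=$((total + $?))

    # 3. world-writable directories without the sticky bit: any jailed account
    #    can replace files that other jailed services trust.
    report "world-writable dir" "$root" -type d -perm -0002 ! -perm -1000
    total=$((total + $?))

    echo "findings: $total"
    return "$total"
}
```

Run it as `audit_chroot /srv/jail` (path assumed); a non-zero exit status means the tree still carries something worth removing.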

Tips for Demonstration

In order to demonstrate this attack:

  • Show that you are in a sandboxed environment
  • Explain how the sandbox limits your access to underlying system components
  • Show that you can break out of the sandbox and access underlying system components
  • Show that your access has increased in some way as a result of your attack

Other resources

wschor, srowley1