PrepAway - Latest Free Exam Questions & Answers

The security administrator is analyzing a user’s history file on a Unix server to determine if the
user was attempting to break out of a rootjail. Which of the following lines in the user’s history log
shows evidence that the user attempted to escape the rootjail?

A. cd ../../../../bin/bash

B. whoami

C. ls /root

D. sudo -u root

Explanation:
On modern UNIX variants, including Linux, you can define the root directory on a per-process
basis. The chroot utility allows you to run a process with a root directory other than /.
The root directory appears at the top of the directory hierarchy and has no parent: A process
cannot access any files above the root directory (because they do not exist). If, for example, you
run a program (process) and specify its root directory as /home/sam/jail, the program would have
no concept of any files in /home/sam or above: jail is the program’s root directory and is labeled /
(not jail).
By creating an artificial root directory, frequently called a (chroot) jail, you prevent a program from
accessing or modifying—possibly maliciously—files outside the directory hierarchy starting at its
root. You must set up a chroot jail properly to increase security: If you do not set up the chroot jail
correctly, you can actually make it easier for a malicious user to gain access to a system than if
there were no chroot jail.
The command cd .. takes you up one level in the directory structure. Repeated commands would
take you to the top level, the root, which is represented by a forward slash (/). The command
/bin/bash is an attempt to run the bash shell from the root level.
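
The history review described above can be automated. The following is an added example, not part of the original question or explanation: it flags history entries whose arguments climb with repeated `..` components, and notes when the path ends at a shell binary. The names `SHELL_NAMES`, `MIN_CLIMB`, `climb_depth`, `flag_history_line` and `scan_history` and the threshold of two levels are assumptions chosen for illustration.

```python
import shlex

# Assumed heuristics for this example, not taken from the original page.
SHELL_NAMES = {"sh", "bash", "dash", "ksh", "zsh", "csh", "tcsh"}
MIN_CLIMB = 2  # consecutive leading ".." components needed to flag an argument


def climb_depth(token):
    """Return (number of leading '..' components, remaining path parts)."""
    parts = [p for p in token.split("/") if p not in ("", ".")]
    depth = 0
    while depth < len(parts) and parts[depth] == "..":
        depth += 1
    return depth, parts[depth:]


def flag_history_line(line):
    """Return a reason string if the entry looks like a traversal attempt, else None."""
    try:
        tokens = shlex.split(line)
    except ValueError:
        # Unbalanced quotes (e.g. a truncated entry): fall back to whitespace split.
        tokens = line.split()
    for tok in tokens:
        depth, rest = climb_depth(tok)
        if depth < MIN_CLIMB:
            continue
        if rest and rest[-1] in SHELL_NAMES:
            return f"climbs {depth} levels to reach shell '{'/'.join(rest)}'"
        return f"climbs {depth} levels with '..'"
    return None


def scan_history(lines):
    """Map 1-based line numbers to reasons for every flagged history entry."""
    hits = {}
    for n, line in enumerate(lines, start=1):
        reason = flag_history_line(line.strip())
        if reason:
            hits[n] = reason
    return hits


# Constructed sample: the four history lines offered as answer options above.
SAMPLE_HISTORY = ["cd ../../../../bin/bash", "whoami", "ls /root", "sudo -u root"]

if __name__ == "__main__":
    for n, reason in scan_history(SAMPLE_HISTORY).items():
        print(f"line {n}: {SAMPLE_HISTORY[n - 1]!r} -> {reason}")
```

A single `cd ..` is ordinary navigation and is not flagged; only arguments that start with at least `MIN_CLIMB` parent-directory components are reported.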

