Re: sys_chroot+sys_fchdir Fix

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

From: David Newall

Date: Wednesday, September 19, 2007 - 3:24 pm

> Normal users cannot use chroot() themselves so they can't use chroot to
quoted text> get back out

I think Bill is right, that this is to fix a method that non-root 
processes can use to escape their chroot. The exploit, which is 
documented in chroot(2)*, is to chdir("..") your way out. Who'd have 
thought it? Only root can do that, but even that seems wrong. Chroot 
should be chroot and that should be the end of it.

It looks to me like Miloslav has found a bug, although I suspect there's 
a simpler solution because non-root is already prevented from escaping 
this way.

David

* In particular, the superuser can escape from a ‘chroot jail’ by doing 
‘mkdir foo; chroot foo; cd ..’.

-
unsubscribe noticeTo unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

sys_chroot+sys_fchdir Fix, majkls, (Wed Sep 19, 12:19 am)

Re: sys_chroot+sys_fchdir Fix, Alan Cox, (Wed Sep 19, 2:40 am)

Re: sys_chroot+sys_fchdir Fix, Bill Davidsen, (Wed Sep 19, 11:27 am)

Re: sys_chroot+sys_fchdir Fix, Alan Cox, (Wed Sep 19, 11:45 am)

Re: sys_chroot+sys_fchdir Fix, David Newall, (Wed Sep 19, 3:24 pm)

Re: sys_chroot+sys_fchdir Fix, Phillip Susi, (Fri Sep 21, 10:39 am)

Re: sys_chroot+sys_fchdir Fix, Alan Cox, (Fri Sep 21, 11:10 am)

Re: sys_chroot+sys_fchdir Fix, Phillip Susi, (Tue Sep 25, 1:53 pm)

Re: sys_chroot+sys_fchdir Fix, Al Viro, (Tue Sep 25, 5:23 pm)

Re: sys_chroot+sys_fchdir Fix, David Newall, (Wed Sep 26, 3:34 am)

Re: sys_chroot+sys_fchdir Fix, Alan Cox, (Wed Sep 26, 4:21 am)

Re: sys_chroot+sys_fchdir Fix, David Newall, (Wed Sep 26, 4:22 am)

Re: sys_chroot+sys_fchdir Fix, Alan Cox, (Wed Sep 26, 4:38 am)

Re: sys_chroot+sys_fchdir Fix, David Newall, (Wed Sep 26, 4:56 am)

Re: sys_chroot+sys_fchdir Fix, Alan Cox, (Wed Sep 26, 7:10 am)

Re: sys_chroot+sys_fchdir Fix, Chris Adams, (Wed Sep 26, 8:03 am)

Re: sys_chroot+sys_fchdir Fix, David Newall, (Wed Sep 26, 9:54 am)

Re: sys_chroot+sys_fchdir Fix, Alan Cox, (Wed Sep 26, 10:04 am)

Re: sys_chroot+sys_fchdir Fix, David Newall, (Wed Sep 26, 10:18 am)

Re: sys_chroot+sys_fchdir Fix, David Newall, (Wed Sep 26, 10:28 am)

Re: sys_chroot+sys_fchdir Fix, Alan Cox, (Wed Sep 26, 10:29 am)

Re: sys_chroot+sys_fchdir Fix, Al Viro, (Wed Sep 26, 11:40 am)

Re: sys_chroot+sys_fchdir Fix, Christer Weinigel, (Wed Sep 26, 12:24 pm)

Re: sys_chroot+sys_fchdir Fix, David Newall, (Wed Sep 26, 2:19 pm)

Re: sys_chroot+sys_fchdir Fix, Adrian Bunk, (Wed Sep 26, 2:55 pm)

Re: sys_chroot+sys_fchdir Fix, David Newall, (Wed Sep 26, 4:35 pm)

Re: sys_chroot+sys_fchdir Fix, Adrian Bunk, (Wed Sep 26, 5:01 pm)

Re: sys_chroot+sys_fchdir Fix, Al Viro, (Wed Sep 26, 8:59 pm)

Re: sys_chroot+sys_fchdir Fix, David Newall, (Wed Sep 26, 11:42 pm)

Re: sys_chroot+sys_fchdir Fix, Adrian Bunk, (Wed Sep 26, 11:53 pm)

Re: sys_chroot+sys_fchdir Fix, Christer Weinigel, (Thu Sep 27, 12:28 am)

Re: sys_chroot+sys_fchdir Fix, Theodore Tso, (Thu Sep 27, 4:23 am)

Re: sys_chroot+sys_fchdir Fix, Bill Davidsen, (Thu Sep 27, 7:36 am)

Re: sys_chroot+sys_fchdir Fix, David Newall, (Thu Sep 27, 6:06 pm)


linux-kernel:
Greg KH	Og dreams of kernels
Jens Axboe	[PATCH 31/33] Fusion: sg chaining support
Arnd Bergmann	Re: finding your own dead "CONFIG_" variables
Mark Brown	[PATCH 2/2] Subject: natsemi: Allow users to disable workaround for DspCfg reset
Tony Breeds	[LGUEST] Look in object dir for .config
git:
Brian Downing	Re: Git in a Nutshell guide
John Benes	Re: master has some toys
Matthias Lederhofer	[PATCH 4/7] introduce GIT_WORK_TREE to specify the work tree
Alexander Sulfrian	[RFC/PATCH] RE: git calls SSH_ASKPASS even if DISPLAY is not set
Junio C Hamano	Re: Rss produced by git is not valid xml?
git-commits-head:
Linux Kernel Mailing List	iSeries: fix section mismatch in iseries_veth
Linux Kernel Mailing List	ixbge: remove TX lock and redo TX accounting.
Linux Kernel Mailing List	ixgbe: fix several counter register errata
Linux Kernel Mailing List	b43: fix build with CONFIG_SSB_PCIHOST=n
Linux Kernel Mailing List	9p: block-based virtio client
linux-netdev:
Michael Breuer	Re: [PATCH] af_packet: Don't use skb after dev_queue_xmit()
Michael Breuer	Re: [PATCH] af_packet: Don't use skb after dev_queue_xmit()
David Daney	[PATCH 5/7] Staging: Octeon Ethernet: Convert to NAPI.
Wolfgang Grandegger	[PATCH net-next v4 1/3] can: mscan: fix improper return if dlc < 8 in start_xmi...
Amit Kumar Salecha	[PATCHv3 NEXT 2/2] NET: Add Qlogic ethernet driver for CNA devices
openbsd-misc:
Theo de Raadt	Re: Old IPSEC bug
Tomáš Bodžár	Problem with vpnc connection - check group password !
Insan Praja SW	Mandoc Compiling Error
Carl Roberso	Re: Cannot change MTU of carp interface?
Richard Daemon	Re: booting openbsd on eee without cd-rom