Re: sys_chroot+sys_fchdir Fix

Score:

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

[view in full thread]

From: David Newall <david@...>

To: Alan Cox <alan@...>

Cc: Bill Davidsen <davidsen@...>, majkls <majkls@...>, <bunk@...>, <linux-kernel@...>

Subject: Re: sys_chroot+sys_fchdir Fix

Date: Wednesday, September 19, 2007 - 6:24 pm

> Normal users cannot use chroot() themselves so they can't use chroot to
quoted text> get back out

I think Bill is right, that this is to fix a method that non-root 
processes can use to escape their chroot. The exploit, which is 
documented in chroot(2)*, is to chdir("..") your way out. Who'd have 
thought it? Only root can do that, but even that seems wrong. Chroot 
should be chroot and that should be the end of it.

It looks to me like Miloslav has found a bug, although I suspect there's 
a simpler solution because non-root is already prevented from escaping 
this way.

David

* In particular, the superuser can escape from a ‘chroot jail’ by doing 
‘mkdir foo; chroot foo; cd ..’.

-
unsubscribe noticeTo unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

sys_chroot+sys_fchdir Fix, majkls, (Wed Sep 19, 3:19 am)

Re: sys_chroot+sys_fchdir Fix, Alan Cox, (Wed Sep 19, 5:40 am)

Re: sys_chroot+sys_fchdir Fix, Bill Davidsen, (Wed Sep 19, 2:27 pm)

Re: sys_chroot+sys_fchdir Fix, Alan Cox, (Wed Sep 19, 2:45 pm)

Re: sys_chroot+sys_fchdir Fix, David Newall, (Wed Sep 19, 6:24 pm)

Re: sys_chroot+sys_fchdir Fix, Phillip Susi, (Fri Sep 21, 1:39 pm)

Re: sys_chroot+sys_fchdir Fix, Alan Cox, (Fri Sep 21, 2:10 pm)

Re: sys_chroot+sys_fchdir Fix, Phillip Susi, (Tue Sep 25, 4:53 pm)

Re: sys_chroot+sys_fchdir Fix, Al Viro, (Tue Sep 25, 8:23 pm)

Re: sys_chroot+sys_fchdir Fix, David Newall, (Wed Sep 26, 6:34 am)

Re: sys_chroot+sys_fchdir Fix, Christer Weinigel, (Wed Sep 26, 3:24 pm)

Re: sys_chroot+sys_fchdir Fix, David Newall, (Wed Sep 26, 5:19 pm)

Re: sys_chroot+sys_fchdir Fix, Christer Weinigel, (Thu Sep 27, 3:28 am)

Re: sys_chroot+sys_fchdir Fix, Theodore Tso, (Thu Sep 27, 7:23 am)

Re: sys_chroot+sys_fchdir Fix, Bill Davidsen, (Thu Sep 27, 10:36 am)

Re: sys_chroot+sys_fchdir Fix, David Newall, (Thu Sep 27, 9:06 pm)

Re: sys_chroot+sys_fchdir Fix, Adrian Bunk, (Wed Sep 26, 5:55 pm)

Re: sys_chroot+sys_fchdir Fix, David Newall, (Wed Sep 26, 7:35 pm)

Re: sys_chroot+sys_fchdir Fix, Adrian Bunk, (Wed Sep 26, 8:01 pm)

Re: sys_chroot+sys_fchdir Fix, David Newall, (Thu Sep 27, 2:42 am)

Re: sys_chroot+sys_fchdir Fix, Adrian Bunk, (Thu Sep 27, 2:53 am)

Re: sys_chroot+sys_fchdir Fix, Al Viro, (Wed Sep 26, 11:59 pm)

Re: sys_chroot+sys_fchdir Fix, Al Viro, (Wed Sep 26, 2:40 pm)

Re: sys_chroot+sys_fchdir Fix, Alan Cox, (Wed Sep 26, 7:21 am)

Re: sys_chroot+sys_fchdir Fix, David Newall, (Wed Sep 26, 7:22 am)

Re: sys_chroot+sys_fchdir Fix, Alan Cox, (Wed Sep 26, 7:38 am)

Re: sys_chroot+sys_fchdir Fix, David Newall, (Wed Sep 26, 7:56 am)

Re: sys_chroot+sys_fchdir Fix, Alan Cox, (Wed Sep 26, 10:10 am)

Re: sys_chroot+sys_fchdir Fix, David Newall, (Wed Sep 26, 12:54 pm)

Re: sys_chroot+sys_fchdir Fix, Alan Cox, (Wed Sep 26, 1:04 pm)

Re: sys_chroot+sys_fchdir Fix, David Newall, (Wed Sep 26, 1:18 pm)

Re: sys_chroot+sys_fchdir Fix, Alan Cox, (Wed Sep 26, 1:29 pm)

Re: sys_chroot+sys_fchdir Fix, David Newall, (Wed Sep 26, 1:28 pm)

Re: sys_chroot+sys_fchdir Fix, Chris Adams, (Wed Sep 26, 11:03 am)


linux-kernel:
Linus Torvalds	Linux 2.6.27-rc8
Rafael J. Wysocki	2.6.27-rc4-git1: Reported regressions from 2.6.26
David Miller	[GIT]: Networking
Greg KH	[GIT PATCH] driver core patches against 2.6.24
git:
Miklos Vajna	[rfc] git submodules howto
Catalin Marinas	Re: [StGIT PATCH] Don't use patches/<branch>/current
Lars Hjemli	[ANNOUNCE] cgit 0.8
Junio C Hamano	Re: [RFC] introduce GIT_WORK_DIR environment variable
openbsd-misc:
rezidue	Speed Problems
Chris	Prolific USB-Serial Controller
Richard Daemon	Nfsen and php problems...?
Richard Stallman	Real men don't attack straw men
linux-netdev:
Jarek Poplawski	[PATCH take 2] pkt_sched: Protect gen estimators under est_lock.
Steve Glendinning	[PATCH] SMSC LAN911x and LAN921x vendor driver
Arjan van de Ven	Re: [GIT]: Networking
Denys	r8169 crash


the kernel how to power off the machine	8 hours ago	Linux kernel
struct gendisk via request_queue	10 hours ago	Linux kernel
usb mic not detected	13 hours ago	Applications and Utilities
page initialization during kernel initialization	1 day ago	Linux kernel
Read Transport Layer Data form network packets (tcp/ip)	2 days ago	Linux kernel
Getting blinking screen in Fedora 9	2 days ago	Linux general
Problem with kernel + libata	2 days ago	Linux kernel
How to detect usb device insertioin and removal event ?	3 days ago	Linux general
toshiba m30x-129 herbinaiton problem	3 days ago	Hardware
some questions regarding implement new congestion algorithm in kernel	3 days ago	Linux kernel

Re: sys_chroot+sys_fchdir Fix

Online users