Re: Chroot bug

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

To: Adrian Bunk <bunk@...>

Cc: <serge@...>, <davidsen@...>, <philipp@...>, <7eggert@...>, <alan@...>, <linux-kernel@...>

Date: Tuesday, September 25, 2007 - 11:43 am

Adrian Bunk napsal(a):
quoted text> On Wed, Sep 26, 2007 at 12:40:27AM +0930, David Newall wrote:
>
>   
>> Miloslav Semler pointed out that a root process can chdir("..") out of its 
>> chroot.  Although this is documented in the man page, it conflicts with the 
>> essential function, which is to change the root directory of the process.  
>> In addition to any creative uses, for example Philipp Marek's loading 
>> dynamic libraries, it seems clear that the prime purpose of chroot is to 
>> aid security.  Being able to cd your way out is handy for the bad guys, but 
>> the good guys don't need it; there are a thousand better, safer solutions.
>> ...
>>     
>
> The bad guys most likely also now other tricks to escape the chroot.
>
> If you are root in the chroot you can e.g. mount the partition with the 
> root filesystem inside the chroot.
>
> If a bad guy becomes root inside a chroot it's game over.
>   
but why there keep 1000001th. It is same as:
There is milion ways howto dos your system.. Then we needn't repair bugs...
quoted text> cu
> Adrian
>
>   

-
unsubscribe noticeTo unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

Re: sys_chroot+sys_fchdir Fix, Bodo Eggert, (Thu Sep 20, 7:13 am)

Re: sys_chroot+sys_fchdir Fix, Philipp Marek, (Thu Sep 20, 7:59 am)

Re: sys_chroot+sys_fchdir Fix, David Newall, (Thu Sep 20, 12:06 pm)

Re: sys_chroot+sys_fchdir Fix, Philipp Marek, (Thu Sep 20, 12:17 pm)

Re: sys_chroot+sys_fchdir Fix, David Newall, (Thu Sep 20, 2:02 pm)

Re: sys_chroot+sys_fchdir Fix, Bill Davidsen, (Thu Sep 20, 4:53 pm)

Re: sys_chroot+sys_fchdir Fix, David Newall, (Fri Sep 21, 4:29 am)

Re: sys_chroot+sys_fchdir Fix, Serge E. Hallyn, (Mon Sep 24, 5:32 pm)

Re: sys_chroot+sys_fchdir Fix, David Newall, (Mon Sep 24, 6:04 pm)

Re: sys_chroot+sys_fchdir Fix, Serge E. Hallyn, (Mon Sep 24, 7:02 pm)

Re: sys_chroot+sys_fchdir Fix, Serge E. Hallyn, (Mon Sep 24, 7:00 pm)

Re: sys_chroot+sys_fchdir Fix, David Newall, (Tue Sep 25, 3:45 am)

Re: sys_chroot+sys_fchdir Fix, Serge E. Hallyn, (Tue Sep 25, 7:49 am)

Re: sys_chroot+sys_fchdir Fix, David Newall, (Tue Sep 25, 9:58 am)

Chroot bug (was: sys_chroot+sys_fchdir Fix), David Newall, (Tue Sep 25, 11:10 am)

Re: Chroot bug (was: sys_chroot+sys_fchdir Fix), Bodo Eggert, (Wed Sep 26, 3:23 pm)

Re: Chroot bug (was: sys_chroot+sys_fchdir Fix), Adrian Bunk, (Tue Sep 25, 11:32 am)

Re: Chroot bug, Miloslav Semler, (Tue Sep 25, 11:43 am)

Re: Chroot bug, Adrian Bunk, (Tue Sep 25, 12:02 pm)

Re: Chroot bug (was: sys_chroot+sys_fchdir Fix), Alan Cox, (Tue Sep 25, 11:30 am)

Re: Chroot bug, David Newall, (Tue Sep 25, 11:35 am)

Re: Chroot bug, Arjan van de Ven, (Tue Sep 25, 12:33 pm)

Re: Chroot bug, Alan Cox, (Tue Sep 25, 11:48 am)

Re: Chroot bug, David Newall, (Tue Sep 25, 7:50 pm)

Re: Chroot bug, Adrian Bunk, (Tue Sep 25, 8:55 pm)

Re: Chroot bug, Kyle Moffett, (Wed Sep 26, 1:21 am)

Re: Chroot bug, David Newall, (Wed Sep 26, 6:27 am)

Re: Chroot bug, Kyle Moffett, (Wed Sep 26, 8:54 am)

Re: Chroot bug, Miloslav Semler, (Wed Sep 26, 9:11 am)

Re: Chroot bug, Kyle Moffett, (Wed Sep 26, 10:02 am)

Re: Chroot bug, Miloslav Semler, (Wed Sep 26, 11:01 am)

Re: Chroot bug, Jiri Kosina, (Thu Sep 27, 9:49 am)

Re: Chroot bug, Al Viro, (Wed Sep 26, 9:42 am)

Re: Chroot bug, Miloslav Semler, (Wed Sep 26, 10:51 am)

Re: Chroot bug, Olivier Galibert, (Wed Sep 26, 6:45 am)

Re: Chroot bug, David Newall, (Wed Sep 26, 7:13 am)

Re: Chroot bug, Olivier Galibert, (Wed Sep 26, 11:02 am)

Re: Chroot bug, linux-os (Dick Johnson), (Wed Sep 26, 9:18 am)

Re: Chroot bug, Willy Tarreau, (Wed Sep 26, 1:25 am)

Re: Chroot bug, Alan Cox, (Tue Sep 25, 8:18 pm)

Re: Chroot bug, David Newall, (Wed Sep 26, 6:24 am)

Re: Chroot bug, Alan Cox, (Wed Sep 26, 6:47 am)

Re: Chroot bug, David Newall, (Wed Sep 26, 7:06 am)

Re: Chroot bug, Bongani Hlope, (Wed Sep 26, 9:13 am)

Re: Chroot bug, Alan Cox, (Wed Sep 26, 7:20 am)

Re: Chroot bug, Jan Engelhardt, (Tue Sep 25, 11:47 am)

Re: Chroot bug (was: sys_chroot+sys_fchdir Fix), Jan Engelhardt, (Tue Sep 25, 11:20 am)

Re: Chroot bug, Miloslav Semler, (Tue Sep 25, 11:39 am)

Re: Chroot bug, David Newall, (Tue Sep 25, 11:41 am)

Re: Chroot bug, Jan Engelhardt, (Tue Sep 25, 11:48 am)

Re: Chroot bug, David Newall, (Tue Sep 25, 4:51 pm)

Re: Chroot bug, Miloslav Semler, (Tue Sep 25, 12:19 pm)

Re: Chroot bug, Serge E. Hallyn, (Tue Sep 25, 12:53 pm)

Re: Chroot bug, Jan Engelhardt, (Tue Sep 25, 12:52 pm)

Re: Chroot bug, Miloslav Semler, (Tue Sep 25, 1:00 pm)

Re: Chroot bug, Jan Engelhardt, (Tue Sep 25, 1:05 pm)

Re: Chroot bug, Al Viro, (Tue Sep 25, 1:09 pm)

Re: Chroot bug, Miloslav Semler, (Tue Sep 25, 1:19 pm)

Re: Chroot bug, Miloslav Semler, (Tue Sep 25, 1:09 pm)

Re: sys_chroot+sys_fchdir Fix, majkls, (Thu Sep 20, 8:52 am)


linux-kernel:
Pierre Ossman	Re: [RFC][PATCH] cpuidle: avoid singing capacitors
Greg KH	[GIT PATCH] driver core patches against 2.6.24
Greg KH	Re: Announce: Linux-next (Or Andrew's dream :-))
Rene Herman	2.6.26, PAT and AMD family 6
git:

linux-netdev:
Jesper Krogh	Re: NIU - Sun Neptune 10g - Transmit timed out reset (2.6.24)
Gerrit Renker	[PATCH 27/37] dccp: Integration of dynamic feature activation - part 2 (server side)
Arjan van de Ven	Re: [GIT]: Networking
Radu Rendec	htb parallelism on multi-core platforms
openbsd-misc:

Re: Chroot bug

Online users