Re: Chroot bug

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

To: Miloslav Semler <majkls@...>

Cc: <serge@...>, <davidsen@...>, <philipp@...>, <7eggert@...>, <alan@...>, <linux-kernel@...>

Date: Tuesday, September 25, 2007 - 1:05 pm

On Sep 25 2007 19:00, Miloslav Semler wrote:
quoted text>> > This  does not help.  Let's try:
>> > chroot somewhere
>> > mkdir foo
>> > fd = open /
>> > chroot foo
>> >     
>>
>> ('fd' implicitly closed and chdir to /foo)
>>   
> Really? Try it. I am sure, that this works. You can create directory in chroot
> and break chroot by this. fd is not closed, because linux doesn't close
> descriptors by chroot syscall. this can be done every time if you have
> CAP_SYS_CHROOT.

In case you have not followed my earlier email, I'll repost:

|>> So what? Just do this: chdir into the root after chroot.
|>
|> I don't think so.  His exploit just got me all the way out of a 
|> chroot within a chroot within a chroot, inclusive of lots of 
|> chdirs.
|>
|
|Close all fds that point to directories outside the root ;-)

Perhaps that was formulated a bit sloppy. It of course means
"On chroot(2), implicitly close all FDs that point outside."
-
unsubscribe noticeTo unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

Re: sys_chroot+sys_fchdir Fix, Bodo Eggert, (Thu Sep 20, 7:13 am)

Re: sys_chroot+sys_fchdir Fix, Philipp Marek, (Thu Sep 20, 7:59 am)

Re: sys_chroot+sys_fchdir Fix, David Newall, (Thu Sep 20, 12:06 pm)

Re: sys_chroot+sys_fchdir Fix, Philipp Marek, (Thu Sep 20, 12:17 pm)

Re: sys_chroot+sys_fchdir Fix, David Newall, (Thu Sep 20, 2:02 pm)

Re: sys_chroot+sys_fchdir Fix, Bill Davidsen, (Thu Sep 20, 4:53 pm)

Re: sys_chroot+sys_fchdir Fix, David Newall, (Fri Sep 21, 4:29 am)

Re: sys_chroot+sys_fchdir Fix, Serge E. Hallyn, (Mon Sep 24, 5:32 pm)

Re: sys_chroot+sys_fchdir Fix, David Newall, (Mon Sep 24, 6:04 pm)

Re: sys_chroot+sys_fchdir Fix, Serge E. Hallyn, (Mon Sep 24, 7:02 pm)

Re: sys_chroot+sys_fchdir Fix, Serge E. Hallyn, (Mon Sep 24, 7:00 pm)

Re: sys_chroot+sys_fchdir Fix, David Newall, (Tue Sep 25, 3:45 am)

Re: sys_chroot+sys_fchdir Fix, Serge E. Hallyn, (Tue Sep 25, 7:49 am)

Re: sys_chroot+sys_fchdir Fix, David Newall, (Tue Sep 25, 9:58 am)

Chroot bug (was: sys_chroot+sys_fchdir Fix), David Newall, (Tue Sep 25, 11:10 am)

Re: Chroot bug (was: sys_chroot+sys_fchdir Fix), Bodo Eggert, (Wed Sep 26, 3:23 pm)

Re: Chroot bug (was: sys_chroot+sys_fchdir Fix), Adrian Bunk, (Tue Sep 25, 11:32 am)

Re: Chroot bug, Miloslav Semler, (Tue Sep 25, 11:43 am)

Re: Chroot bug, Adrian Bunk, (Tue Sep 25, 12:02 pm)

Re: Chroot bug (was: sys_chroot+sys_fchdir Fix), Alan Cox, (Tue Sep 25, 11:30 am)

Re: Chroot bug, David Newall, (Tue Sep 25, 11:35 am)

Re: Chroot bug, Arjan van de Ven, (Tue Sep 25, 12:33 pm)

Re: Chroot bug, Alan Cox, (Tue Sep 25, 11:48 am)

Re: Chroot bug, David Newall, (Tue Sep 25, 7:50 pm)

Re: Chroot bug, Adrian Bunk, (Tue Sep 25, 8:55 pm)

Re: Chroot bug, Kyle Moffett, (Wed Sep 26, 1:21 am)

Re: Chroot bug, David Newall, (Wed Sep 26, 6:27 am)

Re: Chroot bug, Kyle Moffett, (Wed Sep 26, 8:54 am)

Re: Chroot bug, Miloslav Semler, (Wed Sep 26, 9:11 am)

Re: Chroot bug, Kyle Moffett, (Wed Sep 26, 10:02 am)

Re: Chroot bug, Miloslav Semler, (Wed Sep 26, 11:01 am)

Re: Chroot bug, Jiri Kosina, (Thu Sep 27, 9:49 am)

Re: Chroot bug, Al Viro, (Wed Sep 26, 9:42 am)

Re: Chroot bug, Miloslav Semler, (Wed Sep 26, 10:51 am)

Re: Chroot bug, Olivier Galibert, (Wed Sep 26, 6:45 am)

Re: Chroot bug, David Newall, (Wed Sep 26, 7:13 am)

Re: Chroot bug, Olivier Galibert, (Wed Sep 26, 11:02 am)

Re: Chroot bug, linux-os (Dick Johnson), (Wed Sep 26, 9:18 am)

Re: Chroot bug, Willy Tarreau, (Wed Sep 26, 1:25 am)

Re: Chroot bug, Alan Cox, (Tue Sep 25, 8:18 pm)

Re: Chroot bug, David Newall, (Wed Sep 26, 6:24 am)

Re: Chroot bug, Alan Cox, (Wed Sep 26, 6:47 am)

Re: Chroot bug, David Newall, (Wed Sep 26, 7:06 am)

Re: Chroot bug, Bongani Hlope, (Wed Sep 26, 9:13 am)

Re: Chroot bug, Alan Cox, (Wed Sep 26, 7:20 am)

Re: Chroot bug, Jan Engelhardt, (Tue Sep 25, 11:47 am)

Re: Chroot bug (was: sys_chroot+sys_fchdir Fix), Jan Engelhardt, (Tue Sep 25, 11:20 am)

Re: Chroot bug, Miloslav Semler, (Tue Sep 25, 11:39 am)

Re: Chroot bug, David Newall, (Tue Sep 25, 11:41 am)

Re: Chroot bug, Jan Engelhardt, (Tue Sep 25, 11:48 am)

Re: Chroot bug, David Newall, (Tue Sep 25, 4:51 pm)

Re: Chroot bug, Miloslav Semler, (Tue Sep 25, 12:19 pm)

Re: Chroot bug, Serge E. Hallyn, (Tue Sep 25, 12:53 pm)

Re: Chroot bug, Jan Engelhardt, (Tue Sep 25, 12:52 pm)

Re: Chroot bug, Miloslav Semler, (Tue Sep 25, 1:00 pm)

Re: Chroot bug, Jan Engelhardt, (Tue Sep 25, 1:05 pm)

Re: Chroot bug, Al Viro, (Tue Sep 25, 1:09 pm)

Re: Chroot bug, Miloslav Semler, (Tue Sep 25, 1:19 pm)

Re: Chroot bug, Miloslav Semler, (Tue Sep 25, 1:09 pm)

Re: sys_chroot+sys_fchdir Fix, majkls, (Thu Sep 20, 8:52 am)


linux-kernel:
Pierre Ossman	Re: [RFC][PATCH] cpuidle: avoid singing capacitors
Greg KH	[GIT PATCH] driver core patches against 2.6.24
Greg KH	Re: Announce: Linux-next (Or Andrew's dream :-))
Rene Herman	2.6.26, PAT and AMD family 6
git:

linux-netdev:
Jesper Krogh	Re: NIU - Sun Neptune 10g - Transmit timed out reset (2.6.24)
Gerrit Renker	[PATCH 27/37] dccp: Integration of dynamic feature activation - part 2 (server side)
Arjan van de Ven	Re: [GIT]: Networking
Radu Rendec	htb parallelism on multi-core platforms
openbsd-misc:

Re: Chroot bug

Online users