Re: Chroot bug

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

From: David Newall

Date: Tuesday, September 25, 2007 - 1:51 pm

Jan Engelhardt wrote:
quoted text> On Sep 26 2007 01:11, David Newall wrote:
>   
>> Jan Engelhardt wrote:
>>     
>>> On Sep 26 2007 00:40, David Newall wrote:
>>>   
>>>       
>>>> Miloslav Semler pointed out that a root process can chdir("..") out of its
>>>> chroot.
>>>>         
>>> So what? Just do this: chdir into the root after chroot.
>>>       
>> I don't think so.  His exploit just got me all the way out of a chroot within a
>> chroot within a chroot, inclusive of lots of chdirs.
>>     
>
> Close all fds that point to directories outside the root ;-)
>   

Nope, still gets out.
-
unsubscribe noticeTo unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

Re: sys_chroot+sys_fchdir Fix, Bodo Eggert, (Thu Sep 20, 4:13 am)

Re: sys_chroot+sys_fchdir Fix, Philipp Marek, (Thu Sep 20, 4:59 am)

Re: sys_chroot+sys_fchdir Fix, majkls, (Thu Sep 20, 5:52 am)

Re: sys_chroot+sys_fchdir Fix, David Newall, (Thu Sep 20, 9:06 am)

Re: sys_chroot+sys_fchdir Fix, Philipp Marek, (Thu Sep 20, 9:17 am)

Re: sys_chroot+sys_fchdir Fix, David Newall, (Thu Sep 20, 11:02 am)

Re: sys_chroot+sys_fchdir Fix, Bill Davidsen, (Thu Sep 20, 1:53 pm)

Re: sys_chroot+sys_fchdir Fix, David Newall, (Fri Sep 21, 1:29 am)

Re: sys_chroot+sys_fchdir Fix, Serge E. Hallyn, (Mon Sep 24, 2:32 pm)

Re: sys_chroot+sys_fchdir Fix, David Newall, (Mon Sep 24, 3:04 pm)

Re: sys_chroot+sys_fchdir Fix, Serge E. Hallyn, (Mon Sep 24, 4:00 pm)

Re: sys_chroot+sys_fchdir Fix, Serge E. Hallyn, (Mon Sep 24, 4:02 pm)

Re: sys_chroot+sys_fchdir Fix, David Newall, (Tue Sep 25, 12:45 am)

Re: sys_chroot+sys_fchdir Fix, Serge E. Hallyn, (Tue Sep 25, 4:49 am)

Re: sys_chroot+sys_fchdir Fix, David Newall, (Tue Sep 25, 6:58 am)

Chroot bug (was: sys_chroot+sys_fchdir Fix), David Newall, (Tue Sep 25, 8:10 am)

Re: Chroot bug (was: sys_chroot+sys_fchdir Fix), Jan Engelhardt, (Tue Sep 25, 8:20 am)

Re: Chroot bug (was: sys_chroot+sys_fchdir Fix), Alan Cox, (Tue Sep 25, 8:30 am)

Re: Chroot bug (was: sys_chroot+sys_fchdir Fix), Adrian Bunk, (Tue Sep 25, 8:32 am)

Re: Chroot bug, David Newall, (Tue Sep 25, 8:35 am)

Re: Chroot bug, Miloslav Semler, (Tue Sep 25, 8:39 am)

Re: Chroot bug, David Newall, (Tue Sep 25, 8:41 am)

Re: Chroot bug, Miloslav Semler, (Tue Sep 25, 8:43 am)

Re: Chroot bug, Jan Engelhardt, (Tue Sep 25, 8:47 am)

Re: Chroot bug, Alan Cox, (Tue Sep 25, 8:48 am)

Re: Chroot bug, Jan Engelhardt, (Tue Sep 25, 8:48 am)

Re: Chroot bug, Adrian Bunk, (Tue Sep 25, 9:02 am)

Re: Chroot bug, Miloslav Semler, (Tue Sep 25, 9:19 am)

Re: Chroot bug, Arjan van de Ven, (Tue Sep 25, 9:33 am)

Re: Chroot bug, Jan Engelhardt, (Tue Sep 25, 9:52 am)

Re: Chroot bug, Serge E. Hallyn, (Tue Sep 25, 9:53 am)

Re: Chroot bug, Miloslav Semler, (Tue Sep 25, 10:00 am)

Re: Chroot bug, Jan Engelhardt, (Tue Sep 25, 10:05 am)

Re: Chroot bug, Miloslav Semler, (Tue Sep 25, 10:09 am)

Re: Chroot bug, Al Viro, (Tue Sep 25, 10:09 am)

Re: Chroot bug, Miloslav Semler, (Tue Sep 25, 10:19 am)

Re: Chroot bug, David Newall, (Tue Sep 25, 1:51 pm)

Re: Chroot bug, David Newall, (Tue Sep 25, 4:50 pm)

Re: Chroot bug, Alan Cox, (Tue Sep 25, 5:18 pm)

Re: Chroot bug, Adrian Bunk, (Tue Sep 25, 5:55 pm)

Re: Chroot bug, Kyle Moffett, (Tue Sep 25, 10:21 pm)

Re: Chroot bug, Willy Tarreau, (Tue Sep 25, 10:25 pm)

Re: Chroot bug, David Newall, (Wed Sep 26, 3:24 am)

Re: Chroot bug, David Newall, (Wed Sep 26, 3:27 am)

Re: Chroot bug, Olivier Galibert, (Wed Sep 26, 3:45 am)

Re: Chroot bug, Alan Cox, (Wed Sep 26, 3:47 am)

Re: Chroot bug, David Newall, (Wed Sep 26, 4:06 am)

Re: Chroot bug, David Newall, (Wed Sep 26, 4:13 am)

Re: Chroot bug, Alan Cox, (Wed Sep 26, 4:20 am)

Re: Chroot bug, Kyle Moffett, (Wed Sep 26, 5:54 am)

Re: Chroot bug, Miloslav Semler, (Wed Sep 26, 6:11 am)

Re: Chroot bug, Bongani Hlope, (Wed Sep 26, 6:13 am)

Re: Chroot bug, linux-os (Dick Johnson), (Wed Sep 26, 6:18 am)

Re: Chroot bug, Al Viro, (Wed Sep 26, 6:42 am)

Re: Chroot bug, Kyle Moffett, (Wed Sep 26, 7:02 am)

Re: Chroot bug, Miloslav Semler, (Wed Sep 26, 7:51 am)

Re: Chroot bug, Miloslav Semler, (Wed Sep 26, 8:01 am)

Re: Chroot bug, Olivier Galibert, (Wed Sep 26, 8:02 am)

Re: Chroot bug (was: sys_chroot+sys_fchdir Fix), Bodo Eggert, (Wed Sep 26, 12:23 pm)

Re: Chroot bug, Jiri Kosina, (Thu Sep 27, 6:49 am)


linux-kernel:
Frederic Weisbecker	[PATCH v2] struct sort_entry has a callback named snprintf that turns an entry int...
FUJITA Tomonori	Re: [Scst-devel] Integration of SCST in the mainstream Linux kernel
Jens Axboe	Re: [BUG] Linux 2.6.25-rc2 - Regression from 2.6.24-rc1-git1 softlockup while bo...
Andrew Morton	Re: [PATCH v3 0/4] Introduce hardware spinlock framework
Jeff Garzik	Re: 2.6.23-rc7-mm1 AHCI ATA errors -- won't boot
git:
Junio C Hamano	Re: git-svnimport
Michal Sojka	[PATCHv5 1/2] filter-branch: Fix to allow replacing submodules with another content
Junio C Hamano	Re: Fwd: git status options feature suggestion
Johannes Schindelin	Re: [PATCH] Fix approxidate("never") to always return 0
A Large Angry SCM	Re: [RFC] origin link for cherry-pick and revert
linux-netdev:
Arnaldo Carvalho de Melo	Re: [PATCH 06/37] dccp: Limit feature negotiation to connection setup phase
Gerrit Renker	[PATCH 1/5] dccp: Initialisation framework for feature negotiation
Ursula Braun	[patch 2/8] [PATCH] af_iucv: sync sk shutdown flag if iucv path is quiesced
Daniel Lezcano	getsockopt(TCP_DEFER_ACCEPT) value change
David Miller	Re: 2.6.27.18: bnx2/tg3: BUG: "scheduling while atomic" trying to ifenslave a seco...
git-commits-head:
Linux Kernel Mailing List	ARM: S3C64XX: DMA: Callback with correct buffer pointer
Linux Kernel Mailing List	sata_mv: drop unncessary EH callback resetting
Linux Kernel Mailing List	timer: Try to survive timer callback preempt_count leak
Linux Kernel Mailing List	powerpc/kexec: Add support for FSL-BookE
Linux Kernel Mailing List	ARM: 5670/1: bcmring: add default configuration for bcmring arch
openbsd-misc:
Rene Maroufi	smtpd: Aliases only work with for local alias aliases
Stephen J. Bevan	GRE over IPsec
Christophe Rioux	Implementation example of snmp
Darrin Chandler	Re: strange output on openbsd C code
Nick Holland	Re: booting openbsd on eee without cd-rom