Re: Chroot bug

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

To: David Newall <david@...>

Cc: Alan Cox <alan@...>, Serge E. Hallyn <serge@...>, Bill Davidsen <davidsen@...>, Philipp Marek <philipp@...>, <7eggert@...>, majkls <majkls@...>, <bunk@...>, <linux-kernel@...>

Subject: Re: Chroot bug

Date: Tuesday, September 25, 2007 - 8:55 pm

On Wed, Sep 26, 2007 at 09:20:54AM +0930, David Newall wrote:
quoted text> Alan Cox wrote:
>> On Wed, 26 Sep 2007 01:05:07 +0930
>> David Newall <david@davidnewall.com> wrote:
>>> Alan Cox wrote:
>>>     
>>>>> Marek's loading dynamic libraries, it seems clear that the prime 
>>>>> purpose of chroot is to aid security.  Being able to cd your way out is 
>>>>> handy             
>>>> Does it - I can't find any evidence for that.
>>>>       
>>> It seems self-evident to me.  What do you think is it prime purpose?
>>>     
>>
>> Debugging and testing. At least that is as I understand it much of where
>> it came from.
>>   
>
> Good call.  Though I suppose, since it's used 24x7 to aid security on 
> countless production servers, that security dwarfs testing.  Still, 
> debugging, yes that's valid.

Incompetent people implementing security solutions are a real problem.

quoted text> I don't suppose it makes and difference; whatever the purpose, a chroot 
> that doesn't change the root is buggy.

It does change the root.

But it does not limit what the root user can do after the root was 
changed.

cu
Adrian

-- 

       "Is there not promise of rain?" Ling Tan asked suddenly out
        of the darkness. There had been need of rain for many days.
       "Only a promise," Lao Er said.
                                       Pearl S. Buck - Dragon Seed

-
unsubscribe noticeTo unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

Re: sys_chroot+sys_fchdir Fix, Bodo Eggert, (Thu Sep 20, 7:13 am)

Re: sys_chroot+sys_fchdir Fix, Philipp Marek, (Thu Sep 20, 7:59 am)

Re: sys_chroot+sys_fchdir Fix, David Newall, (Thu Sep 20, 12:06 pm)

Re: sys_chroot+sys_fchdir Fix, Philipp Marek, (Thu Sep 20, 12:17 pm)

Re: sys_chroot+sys_fchdir Fix, David Newall, (Thu Sep 20, 2:02 pm)

Re: sys_chroot+sys_fchdir Fix, Bill Davidsen, (Thu Sep 20, 4:53 pm)

Re: sys_chroot+sys_fchdir Fix, David Newall, (Fri Sep 21, 4:29 am)

Re: sys_chroot+sys_fchdir Fix, Serge E. Hallyn, (Mon Sep 24, 5:32 pm)

Re: sys_chroot+sys_fchdir Fix, David Newall, (Mon Sep 24, 6:04 pm)

Re: sys_chroot+sys_fchdir Fix, Serge E. Hallyn, (Mon Sep 24, 7:02 pm)

Re: sys_chroot+sys_fchdir Fix, Serge E. Hallyn, (Mon Sep 24, 7:00 pm)

Re: sys_chroot+sys_fchdir Fix, David Newall, (Tue Sep 25, 3:45 am)

Re: sys_chroot+sys_fchdir Fix, Serge E. Hallyn, (Tue Sep 25, 7:49 am)

Re: sys_chroot+sys_fchdir Fix, David Newall, (Tue Sep 25, 9:58 am)

Chroot bug (was: sys_chroot+sys_fchdir Fix), David Newall, (Tue Sep 25, 11:10 am)

Re: Chroot bug (was: sys_chroot+sys_fchdir Fix), Bodo Eggert, (Wed Sep 26, 3:23 pm)

Re: Chroot bug (was: sys_chroot+sys_fchdir Fix), Adrian Bunk, (Tue Sep 25, 11:32 am)

Re: Chroot bug, Miloslav Semler, (Tue Sep 25, 11:43 am)

Re: Chroot bug, Adrian Bunk, (Tue Sep 25, 12:02 pm)

Re: Chroot bug (was: sys_chroot+sys_fchdir Fix), Alan Cox, (Tue Sep 25, 11:30 am)

Re: Chroot bug, David Newall, (Tue Sep 25, 11:35 am)

Re: Chroot bug, Arjan van de Ven, (Tue Sep 25, 12:33 pm)

Re: Chroot bug, Alan Cox, (Tue Sep 25, 11:48 am)

Re: Chroot bug, David Newall, (Tue Sep 25, 7:50 pm)

Re: Chroot bug, Adrian Bunk, (Tue Sep 25, 8:55 pm)

Re: Chroot bug, Kyle Moffett, (Wed Sep 26, 1:21 am)

Re: Chroot bug, David Newall, (Wed Sep 26, 6:27 am)

Re: Chroot bug, Kyle Moffett, (Wed Sep 26, 8:54 am)

Re: Chroot bug, Miloslav Semler, (Wed Sep 26, 9:11 am)

Re: Chroot bug, Kyle Moffett, (Wed Sep 26, 10:02 am)

Re: Chroot bug, Miloslav Semler, (Wed Sep 26, 11:01 am)

Re: Chroot bug, Jiri Kosina, (Thu Sep 27, 9:49 am)

Re: Chroot bug, Al Viro, (Wed Sep 26, 9:42 am)

Re: Chroot bug, Miloslav Semler, (Wed Sep 26, 10:51 am)

Re: Chroot bug, Olivier Galibert, (Wed Sep 26, 6:45 am)

Re: Chroot bug, David Newall, (Wed Sep 26, 7:13 am)

Re: Chroot bug, Olivier Galibert, (Wed Sep 26, 11:02 am)

Re: Chroot bug, linux-os (Dick Johnson), (Wed Sep 26, 9:18 am)

Re: Chroot bug, Willy Tarreau, (Wed Sep 26, 1:25 am)

Re: Chroot bug, Alan Cox, (Tue Sep 25, 8:18 pm)

Re: Chroot bug, David Newall, (Wed Sep 26, 6:24 am)

Re: Chroot bug, Alan Cox, (Wed Sep 26, 6:47 am)

Re: Chroot bug, David Newall, (Wed Sep 26, 7:06 am)

Re: Chroot bug, Bongani Hlope, (Wed Sep 26, 9:13 am)

Re: Chroot bug, Alan Cox, (Wed Sep 26, 7:20 am)

Re: Chroot bug, Jan Engelhardt, (Tue Sep 25, 11:47 am)

Re: Chroot bug (was: sys_chroot+sys_fchdir Fix), Jan Engelhardt, (Tue Sep 25, 11:20 am)

Re: Chroot bug, Miloslav Semler, (Tue Sep 25, 11:39 am)

Re: Chroot bug, David Newall, (Tue Sep 25, 11:41 am)

Re: Chroot bug, Jan Engelhardt, (Tue Sep 25, 11:48 am)

Re: Chroot bug, David Newall, (Tue Sep 25, 4:51 pm)

Re: Chroot bug, Miloslav Semler, (Tue Sep 25, 12:19 pm)

Re: Chroot bug, Serge E. Hallyn, (Tue Sep 25, 12:53 pm)

Re: Chroot bug, Jan Engelhardt, (Tue Sep 25, 12:52 pm)

Re: Chroot bug, Miloslav Semler, (Tue Sep 25, 1:00 pm)

Re: Chroot bug, Jan Engelhardt, (Tue Sep 25, 1:05 pm)

Re: Chroot bug, Al Viro, (Tue Sep 25, 1:09 pm)

Re: Chroot bug, Miloslav Semler, (Tue Sep 25, 1:19 pm)

Re: Chroot bug, Miloslav Semler, (Tue Sep 25, 1:09 pm)

Re: sys_chroot+sys_fchdir Fix, majkls, (Thu Sep 20, 8:52 am)


linux-kernel:
Len Brown	[PATCH 05/85] ACPI: Add "acpi.power_nocheck=1" to disable power state check in pow...
Andi Kleen	[PATCH] [2/50] x86_64: use core id bits for apicid_to_node initialization
Greg KH	[GIT PATCH] driver core patches against 2.6.24
Andrew Morton	2.6.23-rc1-mm1
git:

linux-netdev:
Gregory Haskins	[RFC PATCH 06/17] ioq: Add basic definitions for a shared-memory, lockless queue
Arjan van de Ven	Re: [GIT]: Networking
Jarek Poplawski	[PATCH] pkt_sched: Destroy gen estimators under rtnl_lock().
David Miller	Re: mac80211 truesize bugs
openbsd-misc:

Re: Chroot bug

Online users