Re: Chroot bug

To: Adrian Bunk <bunk@...>
Cc: David Newall <david@...>, Alan Cox <alan@...>, Serge E. Hallyn <serge@...>, Bill Davidsen <davidsen@...>, Philipp Marek <philipp@...>, <7eggert@...>, majkls <majkls@...>, <bunk@...>, <linux-kernel@...>
Date: Wednesday, September 26, 2007 - 1:21 am

On Sep 25, 2007, at 20:55:51, Adrian Bunk wrote:

This is required for most distro installers to work:

*Procedure to install files*
chroot /target
mount -t proc proc /proc
mount -t sysfs sysfs /sys
mount -t tmpfs tmpfs /dev
udevd --daemon
udevtrigger
udevsettle
mount /dev/cdrom0 /media/cdrom0
*Load more kernel modules*
*Procedure to configure newly-installed system*
*Do other highly-privileged operations*
*Configure networking and submit installation report*
*Reboot*

David, please do tell myself and Adrian how "locking down" chroot()  
the way you want will avoid letting root break out through any of the  
above ways?

Hell, after you chroot one could probably just run:
   mount --bind /minimal_root /minimal_root
   cd /minimal_root
   mkdir old
   pivot_root . old
   cd /old
   mkdir old_minimal_root
   pivot_root . old_minimal_root
   umount /old_minimal_root
   rmdir /old_minimal_root
Now, like magic, the entire system is once more accessible.

Alternatively you could:
   mount -t proc proc /proc
   cat /proc/1/mounts
   mount -t $ROOTFS_FROM_PROC $ROOTDEV_FROM_PROC /

Either way root can trivially break out of any chroot using  
FUNDAMENTAL PRIMITIVES that he/she always has access to.  If you want  
to take those away you have to use SELinux or capabilities, in which  
case you could just take away the CAP_SYS_CHROOT capability in the  
first place!

Cheers,
Kyle Moffett
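
An added example, not part of the original message: a shell check of which capabilities behind the steps above (chroot, mount/umount/pivot_root, module loading) a process still holds in its effective set. The process names and CapEff masks are constructed samples; the bit numbers are those in <linux/capability.h>.

```shell
#!/bin/sh
# Added example: report which capabilities behind the steps in the message
# are still present in a process's effective set (CapEff in /proc/<pid>/status).

# Bit numbers from <linux/capability.h>, paired with what each one permits.
CAPS="CAP_SYS_MODULE:16 CAP_SYS_CHROOT:18 CAP_SYS_ADMIN:21"
#     load modules      chroot(2)         mount(2), umount(2), pivot_root(2)

# Read /proc/<pid>/status text on stdin and print the CapEff hex mask.
cap_eff_from_status() {
    awk '$1 == "CapEff:" { print $2; exit }'
}

# risky_caps HEXMASK: print the names from CAPS whose bit is set in HEXMASK.
# Returns 2 if HEXMASK is empty or not hexadecimal.
risky_caps() {
    case $1 in
        ''|*[!0-9a-fA-F]*) return 2 ;;
    esac
    mask=$((0x$1))
    out=""
    for pair in $CAPS; do
        name=${pair%%:*}
        bit=${pair##*:}
        if [ $(( ($mask >> $bit) & 1 )) -eq 1 ]; then
            out="${out:+$out }$name"
        fi
    done
    printf '%s\n' "$out"
}

# Constructed sample: a root process that had only CAP_SYS_CHROOT dropped.
SAMPLE_STATUS='Name:   chrooted-daemon
Uid:    0 0 0 0
CapEff: 0000003ffffbffff'

# Constructed sample: a process left with CAP_NET_BIND_SERVICE only.
CONFINED_STATUS='Name:   confined-daemon
CapEff: 0000000000000400'

for sample in "$SAMPLE_STATUS" "$CONFINED_STATUS"; do
    mask=$(printf '%s\n' "$sample" | cap_eff_from_status)
    left=$(risky_caps "$mask")
    echo "CapEff=$mask remaining: ${left:-none}"
done
```

On a live system, feed it `/proc/<pid>/status` of the chrooted process instead of the samples.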
