Re: sys_chroot+sys_fchdir Fix

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

To: Adrian Bunk <bunk@...>

Cc: David Newall <david@...>, Christer Weinigel <christer@...>, Phillip Susi <psusi@...>, Bill Davidsen <davidsen@...>, majkls <majkls@...>, <linux-kernel@...>

Subject: Re: sys_chroot+sys_fchdir Fix

Date: Wednesday, September 26, 2007 - 11:59 pm

On Thu, Sep 27, 2007 at 02:01:37AM +0200, Adrian Bunk wrote:
quoted text> <--  snip  -->
> 
> Look, when chroot was being designed, I think they intended that even root 
> should be unable to get out. They went so far as to say that dot-dot 
> wouldn't let you out; and it doesn't.
> 
> <--  snip  -->
> 
> You were clearly saying that whom you call "they" were the people who 
> designed chroot. And it was you who was claiming in this statement that
> "they" said it.
> 
> The OpenBSD manpage you quoted in this thread states chroot() was added 
> in 4.2BSD, and 4.2BSD was released in 1983.
> 
> You should therefore either bring a source where the people who designed 
> chroot() in 1983 or earlier are stating what you claim they said or 
> admit that you were talking utter bullshit.

chroot() is present in v7, thank you very much.  /usr/sys/sys/sys4.c has

chdir()
{
        chdirec(&u.u_cdir);
}

chroot()
{
        if (suser())
                chdirec(&u.u_rdir);
}

and back then it didn't stop lookups by .. at all - u_rdir is only used
in the beginning of namei() (when pathname starts with /), plus the obvious
refcounting in exit()/newproc().  So give me a break - back when it had
been introduced, it didn't do anything jail-like _at_ _all_.

That check appears only in BSD:
@@ -1,4 +1,4 @@
-/*     vfs_lookup.c    4.4     03/06/81        */
+/*     vfs_lookup.c    4.5     81/03/09        */

 #include "../h/param.h"
 #include "../h/systm.h"
@@ -107,6 +107,9 @@
        u.u_segflg = 1;
        eo = 0;
        bp = NULL;
+       if (dp == u.u_rdir && u.u_dent.d_name[0] == '.' &&
+           u.u_dent.d_name[1] == '.' && u.u_dent.d_name[2] == 0)
+               goto cloop;

 eloop:

with spectaculary lousy commit message ("lint and a minor fixed") by
wnj.  Feel free to ask Bill Joy WTF he had intended.  At a guess,
more consistent behaviour in chrooted environment (i.e. pathname
resolution looking as if the subtree had been everything).

To talk about root-safety of _anything_ at that point is bloody ridiculous.
-
unsubscribe noticeTo unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

sys_chroot+sys_fchdir Fix, majkls, (Wed Sep 19, 3:19 am)

Re: sys_chroot+sys_fchdir Fix, Alan Cox, (Wed Sep 19, 5:40 am)

Re: sys_chroot+sys_fchdir Fix, Bill Davidsen, (Wed Sep 19, 2:27 pm)

Re: sys_chroot+sys_fchdir Fix, Alan Cox, (Wed Sep 19, 2:45 pm)

Re: sys_chroot+sys_fchdir Fix, David Newall, (Wed Sep 19, 6:24 pm)

Re: sys_chroot+sys_fchdir Fix, Phillip Susi, (Fri Sep 21, 1:39 pm)

Re: sys_chroot+sys_fchdir Fix, Alan Cox, (Fri Sep 21, 2:10 pm)

Re: sys_chroot+sys_fchdir Fix, Phillip Susi, (Tue Sep 25, 4:53 pm)

Re: sys_chroot+sys_fchdir Fix, Al Viro, (Tue Sep 25, 8:23 pm)

Re: sys_chroot+sys_fchdir Fix, David Newall, (Wed Sep 26, 6:34 am)

Re: sys_chroot+sys_fchdir Fix, Christer Weinigel, (Wed Sep 26, 3:24 pm)

Re: sys_chroot+sys_fchdir Fix, David Newall, (Wed Sep 26, 5:19 pm)

Re: sys_chroot+sys_fchdir Fix, Christer Weinigel, (Thu Sep 27, 3:28 am)

Re: sys_chroot+sys_fchdir Fix, Theodore Tso, (Thu Sep 27, 7:23 am)

Re: sys_chroot+sys_fchdir Fix, Bill Davidsen, (Thu Sep 27, 10:36 am)

Re: sys_chroot+sys_fchdir Fix, David Newall, (Thu Sep 27, 9:06 pm)

Re: sys_chroot+sys_fchdir Fix, Adrian Bunk, (Wed Sep 26, 5:55 pm)

Re: sys_chroot+sys_fchdir Fix, David Newall, (Wed Sep 26, 7:35 pm)

Re: sys_chroot+sys_fchdir Fix, Adrian Bunk, (Wed Sep 26, 8:01 pm)

Re: sys_chroot+sys_fchdir Fix, David Newall, (Thu Sep 27, 2:42 am)

Re: sys_chroot+sys_fchdir Fix, Adrian Bunk, (Thu Sep 27, 2:53 am)

Re: sys_chroot+sys_fchdir Fix, Al Viro, (Wed Sep 26, 11:59 pm)

Re: sys_chroot+sys_fchdir Fix, Al Viro, (Wed Sep 26, 2:40 pm)

Re: sys_chroot+sys_fchdir Fix, Alan Cox, (Wed Sep 26, 7:21 am)

Re: sys_chroot+sys_fchdir Fix, David Newall, (Wed Sep 26, 7:22 am)

Re: sys_chroot+sys_fchdir Fix, Alan Cox, (Wed Sep 26, 7:38 am)

Re: sys_chroot+sys_fchdir Fix, David Newall, (Wed Sep 26, 7:56 am)

Re: sys_chroot+sys_fchdir Fix, Alan Cox, (Wed Sep 26, 10:10 am)

Re: sys_chroot+sys_fchdir Fix, David Newall, (Wed Sep 26, 12:54 pm)

Re: sys_chroot+sys_fchdir Fix, Alan Cox, (Wed Sep 26, 1:04 pm)

Re: sys_chroot+sys_fchdir Fix, David Newall, (Wed Sep 26, 1:18 pm)

Re: sys_chroot+sys_fchdir Fix, Alan Cox, (Wed Sep 26, 1:29 pm)

Re: sys_chroot+sys_fchdir Fix, David Newall, (Wed Sep 26, 1:28 pm)

Re: sys_chroot+sys_fchdir Fix, Chris Adams, (Wed Sep 26, 11:03 am)


linux-kernel:
Tarkan Erimer	Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
Ingo Molnar	Re: [RFT] x86 acpi: normalize segment descriptor register on resume
Andrew Morton	-mm merge plans for 2.6.23
Greg Kroah-Hartman	[PATCH 004/196] Chinese: add translation of SubmittingPatches
git:

linux-netdev:
Gerrit Renker	[PATCH 15/37] dccp: Set per-connection CCIDs via socket options
David Miller	Re: [GIT]: Networking
David Miller	Re: [PATCH] pkt_sched: Destroy gen estimators under rtnl_lock().
Ingo Molnar	[bug] stuck localhost TCP connections, v2.6.26-rc3+
openbsd-misc:

Re: sys_chroot+sys_fchdir Fix

Online users