> Hi, all. It looks like there is a potential security hole in the new
> shmfs code. In ipc/shm.c:sys_shmat() the root directory is temporarily
> changed for a while. A CLONE_FS clone can then come in and take
> advantage of this exposure. This needs to be fixed.
And just where is the CLONE_FS coming from ?
Im very careful here. I change the fs struct of the thread specifically to
avoid that kind of attack. If I changed current->fs->root you would be right,
but since I change current->fs the rest of the thread goup shouldn't be able
to do anything as their current->fs is different to our temporary one. If
another thread chroots() our thread group then we will restore to the
thread group fs and thus the chroot will still work fine.
So I think its ok
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Thu Mar 23 2000 - 21:00:20 EST