Re: can chroot be made safe for non-root?

From: Philippe Troin (phil@fifi.org)
Date: Wed Oct 16 2002 - 17:04:11 EST


daw@mozart.cs.berkeley.edu (David Wagner) writes:

> Philippe Troin wrote:
> >Eric Buddington <eric@ma-northadams1b-3.bur.adelphia.net> writes:
> >> Would it be reasonable to allow non-root processes to chroot(), if the
> >> chroot syscall also changed the cwd for non-root processes?
> >
> >No.
> >
> > fd = open("/", O_RDONLY);
> > chroot("/tmp");
> > fchdir(fd);
> >
> >and you're out of the chroot.
>
> Irrelevant. If a process *wants* to voluntarily sandbox itself, it can
> close all open file descriptors before sandboxing.

You missed the point.

If the process can be forced to run the above (possibly via a stack
overflow), then it is out of the chroot.

Phil.
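The voluntary-sandbox pattern the two sides are arguing about, as an added example (not Phil's or David's code, and not from the original thread): shed every descriptor above stderr, check that no directory descriptor survived, and pair chroot() with chdir("/"). The helpers are testable unprivileged; enter_chroot() itself needs CAP_SYS_CHROOT, and "/tmp" is only an illustrative target.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Return 1 if any descriptor in [lo, hi] refers to a directory.
 * A single leaked directory descriptor is all the fchdir() escape quoted
 * above needs, so this is the pre-chroot sanity check a sandbox should run. */
int has_open_dir_fds(int lo, int hi)
{
    struct stat st;
    for (int fd = lo; fd <= hi; fd++) {
        if (fstat(fd, &st) == 0 && S_ISDIR(st.st_mode))
            return 1;
    }
    return 0;
}

/* Close every descriptor in [lo, hi]; returns how many were actually open.
 * (close_range() exists on newer Linux, but a plain loop is portable.) */
int close_fd_range(int lo, int hi)
{
    int closed = 0;
    for (int fd = lo; fd <= hi; fd++) {
        if (close(fd) == 0)
            closed++;
    }
    return closed;
}

/* Voluntary sandbox: drop descriptors, then chroot() *and* chdir("/").
 * Returns 0 on success, -1 with errno set otherwise (requires CAP_SYS_CHROOT). */
int enter_chroot(const char *root)
{
    long maxfd = sysconf(_SC_OPEN_MAX);
    if (maxfd < 0) maxfd = 1024;               /* fallback when the limit is unknown */
    close_fd_range(3, (int)maxfd - 1);         /* keep only stdin/stdout/stderr */
    if (chroot(root) != 0) return -1;
    if (chdir("/") != 0) return -1;            /* without this, cwd still points outside */
    return 0;
}

int main(void)
{
    if (enter_chroot("/tmp") != 0) { perror("enter_chroot"); return 1; }
    puts(has_open_dir_fds(3, 1023) ? "leaked directory fd" : "no directory fds remain");
    return 0;
}
```

Closing descriptors only defends against the escape if the process cannot be coerced into opening a directory again afterwards, which is exactly Phil's objection; the check above is a hygiene step, not a substitute for privilege separation.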
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/



This archive was generated by hypermail 2b29 : Wed Oct 23 2002 - 22:00:30 EST