Re: [RFC][PATCH-2.4] Prevent mounting on ".."

From: Willy TARREAU (willy@w.ods.org)
Date: Sun Jun 29 2003 - 09:35:42 EST


On Sun, Jun 29, 2003 at 03:27:25PM +0100, viro@parcelfarce.linux.theplanet.co.uk wrote:
 
> Sigh... We _can't_ do that via chroot(). Please, stop fooling yourself -
> if attacker gets control over root process, the fight is over. In particular,
> attacker can chmod your read-only directory and/or remount the thing.

not if the file-system is read-only by design (eg: romfs or anything like that)
or a read-only directory in /proc. To be honnest, I have another patch which
allows any process to chroot to /proc/self/empty. I know that it's not good
when the root is compromized. The attacker could do other things and even halt
the system. That's not what I'm trying to fight against. I'm only trying to
stop proliferation, and isolate the attacker into a place where the only tools
he can use are the ones he codes himself on the heap or stack, which is rather
limitating.

Cheers,
Willy

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/



This archive was generated by hypermail 2b29 : Mon Jun 30 2003 - 22:00:30 EST