Re: [PATCH 4/4] Allow unprivileged chroot when safe

From: Linus Torvalds
Date: Sun Jan 15 2012 - 19:45:54 EST

Next message: 함명주: "Re: [PATCH] devfreq: exynos4_bus: Use dev_get_drvdata at appropriateplaces"
Previous message: Matthew Garrett: "Re: [PATCH] x86 / reboot: Blacklist Dell OptiPlex 990 known torequire PCI reboot"
In reply to: Andy Lutomirski: "[PATCH 4/4] Allow unprivileged chroot when safe"
Next in thread: Andy Lutomirski: "Re: [PATCH 4/4] Allow unprivileged chroot when safe"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sun, Jan 15, 2012 at 4:37 PM, Andy Lutomirski <luto@xxxxxxxxxxxxxx> wrote:
> Chroot can easily be used to subvert setuid programs. If no_new_privs,
> then setuid programs don't gain any privilege, so allow chroot.
>
> Because chroot is an easy way to break out of chroot jail, CAP_SYS_ADMIN
> is still required if the caller is already chrooted.

So I think this whole chroot thing needs more people looking at it. I
brought up chroot as an example, but there may be other reasons why
you don't want user chrooting things than just the setuid confusion.

There's also the whole issue with doing things like local non-root
bind mounts, which are arguably more useful than chroot, and which are
disallowed for similar reasons. So I don't think chroot is all that
special.

Linus
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: 함명주: "Re: [PATCH] devfreq: exynos4_bus: Use dev_get_drvdata at appropriateplaces"
Previous message: Matthew Garrett: "Re: [PATCH] x86 / reboot: Blacklist Dell OptiPlex 990 known torequire PCI reboot"
In reply to: Andy Lutomirski: "[PATCH 4/4] Allow unprivileged chroot when safe"
Next in thread: Andy Lutomirski: "Re: [PATCH 4/4] Allow unprivileged chroot when safe"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]