Re: Linux proc exploit

Alan Cox (alan@lxorguk.ukuu.org.uk)
Wed, 26 Nov 1997 16:39:48 +0000 (GMT)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Mike Cunningham: "Re: kernel 2.0.32 and teardrop ?"
Previous message: Alan Cox: "Re: fork: out of memory"
In reply to: D.P.Simpson@ecs.soton.ac.uk: "Linux proc exploit"
Next in thread: Miquel van Smoorenburg: "Re: Linux proc exploit"

> Linux has a vulnerability in the proc filing system: it can be used by root to escape from
> chroot() areas.

Correct. Its irrelecant

On any unix platform root can do

mkdir foo
chroot foo
cd ../../../../../../../..
chdir .

root can use iopl() too

You should not have any root setuid task in a chroot area.

Alan

Next message: Mike Cunningham: "Re: kernel 2.0.32 and teardrop ?"
Previous message: Alan Cox: "Re: fork: out of memory"
In reply to: D.P.Simpson@ecs.soton.ac.uk: "Linux proc exploit"
Next in thread: Miquel van Smoorenburg: "Re: Linux proc exploit"