Re: access to proc filesystem from chrooted process

Khimenko Victor (khim@sch57.msk.ru)
Mon, 31 May 1999 02:45:35 +0400 (MSD)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Steve Dodd: "Re: XFS and journalling filesystems"
Previous message: kuznet@ms2.inr.ac.ru: "Re: Problems with 2.2.9, EEpro100 and IPv6 (was: Re: 2.2.0-pre9 and still "misbehaviour" with EEpro/"

In <E10nUmF-0004e2-00@the-village.bc.nu> Alan Cox (alan@lxorguk.ukuu.org.uk) wrote:
>> The claim made was that a hacker who hacks into a chroot trap can
>> mount proc and use it to get out of the chroot trap, and I can't see
>> how such can be done, hence the question...

> /proc/[pid]/fd/.. is handles to files outside the chroot area.

It does not. In 2.2 at least. In 2.0 you can just use /proc/1/cwd :-)
But for 2.2... Hm... I'm not sure how to use proc to get out of the chroot
trap with 2.2 :-/

> That has limited uses as you are normally non root (if you are root the
> chroot problem is uninteresting).

> Simply provide some proc-daemons, and talk to them for ps service.

Doable but still it's interesting question: is it possible for non-root
to get out of chroot trap via proc ?

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

Next message: Steve Dodd: "Re: XFS and journalling filesystems"
Previous message: kuznet@ms2.inr.ac.ru: "Re: Problems with 2.2.9, EEpro100 and IPv6 (was: Re: 2.2.0-pre9 and still "misbehaviour" with EEpro/"