Re: access to proc filesystem from chrooted process

Jeremy Fitzhardinge (jeremy@goop.org)
Sun, 30 May 1999 12:41:49 -0700 (PDT)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Robert Wuest: "nice w/ schedule control"
Previous message: Gert Doering: "Re: Problems with 2.2.9, EEpro100 and IPv6 (was: Re: 2.2.0-pre9 and still "misbehaviour" with EEpro/"
In reply to: Alan Cox: "Re: access to proc filesystem from chrooted process"

On 28-May-99 Alan Cox wrote:
>> The claim made was that a hacker who hacks into a chroot trap can
>> mount proc and use it to get out of the chroot trap, and I can't see
>> how such can be done, hence the question...
>
> /proc/[pid]/fd/.. is handles to files outside the chroot area.

I fixed it in the middle of 2.1 sometime. /proc will only let you into a [pid]
subdir if that process's root is at least as restricted as your own.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

Next message: Robert Wuest: "nice w/ schedule control"
Previous message: Gert Doering: "Re: Problems with 2.2.9, EEpro100 and IPv6 (was: Re: 2.2.0-pre9 and still "misbehaviour" with EEpro/"
In reply to: Alan Cox: "Re: access to proc filesystem from chrooted process"