chroot [Was: Re: Linux 2.2.18pre21]

From: Kurt Roeckx (Q@ping.be)
Date: Thu Nov 16 2000 - 15:02:53 EST


On Thu, Nov 16, 2000 at 11:52:49AM -0800, jesse wrote:
> On Thu, Nov 16, 2000 at 05:16:18PM +0100, Andrea Arcangeli wrote:
> > On Thu, Nov 16, 2000 at 03:07:04PM +0100, Matthias Andree wrote:
> > > It shows a program that saves the cwd -- open(".",...) in an open file,
> > > then chroots [..]
> >
> > This is known behaviour (I know Alan knows about it too), solution is to close
> > open directories filedescriptors before chrooting.
> >
> > Everything that happens before chroot(2) is trusted, so it's secure to rely
> > on it to close directories first.
> >
> > If this is not well documented and people doesn't know about it and so they
> > writes unsafe code that's another issue...
>
> But the problem is because you can call chroot when you're already chrooted.

Only if you're root. There are other ways to break out of a
chroot() if you're root too.

Kurt

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/



This archive was generated by hypermail 2b29 : Thu Nov 23 2000 - 21:00:11 EST