Re: Linux 2.2.18pre21

From: Peter Samuelson (peter@cadcamlab.org)
Date: Fri Nov 17 2000 - 01:30:00 EST

Next message: H. Peter Anvin: "Re: Linux 2.2.18pre21"
Previous message: Rajiv Majumdar: "FW: help needed]"
In reply to: jesse: "Re: Linux 2.2.18pre21"
Next in thread: H. Peter Anvin: "Re: Linux 2.2.18pre21"
Reply: H. Peter Anvin: "Re: Linux 2.2.18pre21"
Reply: jesse: "Re: Linux 2.2.18pre21"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

[jesse]
> 1. Your server closes all open directory file descriptors and chroots.
> 2. Someone manages to run some exploit code in your process space which--

  mkdir("foo")
  chroot("foo")
  chdir("../../../../../../../../../..")
  chroot(".")

  mkdir proc
  mount -t proc none proc
  cd proc/1/cwd

Two easy "get out of jail free" cards. There are other, more complex
exploits. You have added one more. They all require root privileges.

Bottom line: once you are in the chroot jail, you must drop root
privileges, or you defeat the purpose. Security-conscious coders know
this; it's not Linux-specific behavior or anything.

Peter
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/

Next message: H. Peter Anvin: "Re: Linux 2.2.18pre21"
Previous message: Rajiv Majumdar: "FW: help needed]"
In reply to: jesse: "Re: Linux 2.2.18pre21"
Next in thread: H. Peter Anvin: "Re: Linux 2.2.18pre21"
Reply: H. Peter Anvin: "Re: Linux 2.2.18pre21"
Reply: jesse: "Re: Linux 2.2.18pre21"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Thu Nov 23 2000 - 21:00:12 EST