Re: Linux 2.2.18pre21

From: Peter Samuelson (peter@cadcamlab.org)
Date: Fri Nov 17 2000 - 01:30:00 EST


[jesse]
> 1. Your server closes all open directory file descriptors and chroots.
> 2. Someone manages to run some exploit code in your process space which--

  mkdir("foo")
  chroot("foo")
  chdir("../../../../../../../../../..")
  chroot(".")

  mkdir proc
  mount -t proc none proc
  cd proc/1/cwd

Two easy "get out of jail free" cards. There are other, more complex
exploits. You have added one more. They all require root privileges.

Bottom line: once you are in the chroot jail, you must drop root
privileges, or you defeat the purpose. Security-conscious coders know
this; it's not Linux-specific behavior or anything.

Peter
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/



This archive was generated by hypermail 2b29 : Thu Nov 23 2000 - 21:00:12 EST