Re: Linux 2.2.18pre21

From: Peter Samuelson (peter@cadcamlab.org)
Date: Fri Nov 17 2000 - 06:22:26 EST

Next message: Alan Cox: "Re: How to add a drive to DMA black list?"
Previous message: Vasil Kolev: "__alloc_pages: 2-order allocation failed."
In reply to: H. Peter Anvin: "Re: Linux 2.2.18pre21"
Next in thread: H. Peter Anvin: "Re: Linux 2.2.18pre21"
Reply: H. Peter Anvin: "Re: Linux 2.2.18pre21"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

[I wrote]
> > mkdir("foo")
> > chroot("foo")

[H. Peter Anvin]
> BUG: you *MUST* chdir() into the chroot jail before it does you any
> good at all!

No, it wasn't a bug! It was a demonstration. The above code is
executed not by the application but by the *attacker* who has managed
to 0wn the existing jail.

Doing the additional chroot("foo") without already being in "foo"
basically replaces the chroot jail you *were* in, so you are now out.

The sequence I posted is just the simplest un-chroot procedure I know,
to explain why chroot cannot sandbox the superuser.

Peter
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/

Next message: Alan Cox: "Re: How to add a drive to DMA black list?"
Previous message: Vasil Kolev: "__alloc_pages: 2-order allocation failed."
In reply to: H. Peter Anvin: "Re: Linux 2.2.18pre21"
Next in thread: H. Peter Anvin: "Re: Linux 2.2.18pre21"
Reply: H. Peter Anvin: "Re: Linux 2.2.18pre21"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Thu Nov 23 2000 - 21:00:12 EST