Re: Linux 2.2.18pre21

From: Pavel Machek (pavel@suse.cz)
Date: Sat Nov 18 2000 - 15:44:18 EST

Next message: Pavel Machek: "Re: rdtsc to mili secs?"
Previous message: dalecki: "[PATCH] megaraid driver update for 2.4.0-test10"
In reply to: jesse: "Re: Linux 2.2.18pre21"
Next in thread: Nix: "Re: Linux 2.2.18pre21"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi!

> > Two easy "get out of jail free" cards. There are other, more complex
> > exploits. You have added one more. They all require root privileges.
>
> Actually, I've heard that a chrooted _non-root_ process can find another
> process with the same uid that's not chrooted and can ptrace() to pull
> itself out of the jail.

Right. Once you have same uid as someone else, you have basically his
priviledges if you chooseto.

> I'd imagine dropping CAP_SYS_PTRACE would avoid this, though.

Pardon me, but CAP_SYS_PTRACE is not required for tracing processes of
same UID.
Pavel

-- 
I'm pavel@ucw.cz. "In my country we have almost anarchy and I don't care."
Panos Katsaloulis describing me w.r.t. patents at discuss@linmodems.org
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/

Next message: Pavel Machek: "Re: rdtsc to mili secs?"
Previous message: dalecki: "[PATCH] megaraid driver update for 2.4.0-test10"
In reply to: jesse: "Re: Linux 2.2.18pre21"
Next in thread: Nix: "Re: Linux 2.2.18pre21"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Thu Nov 23 2000 - 21:00:16 EST