Re: [RFC][PATCH-2.4] Prevent mounting on ".."

From: Arjan van de Ven (arjanv@redhat.com)
Date: Sun Jun 29 2003 - 09:09:40 EST


On Sun, 2003-06-29 at 15:09, Willy TARREAU wrote:
> Hi Al and Marcelo,
>
> while I was trying to get maximum restrictions on a chroot on 2.4.21-pre,
> I found that it's always possible to mount a ramfs or a tmpfs on "..",
> and then upload whatever I wanted in it. It's a shame because I was
> trying to isolate network daemons inside empty, read-only file-systems,
> and I discovered that this effort was worthless. To resume, imagine a
> network daemon which does :

well...
you need to be root to mount. If you're root you can break out of a
chroot anyway....
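
The reply's point, turned into a check a daemon author can run, as an added example that is not part of the original thread: it reads the text of /proc/<pid>/status and reports whether the process still has what mount(2) and chroot(2) require. Treating "root" as effective uid 0 plus CAP_SYS_ADMIN and CAP_SYS_CHROOT is this example's assumption, and the function and RISK_* names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Capability bit numbers from <linux/capability.h>. */
#define CAP_SYS_CHROOT_BIT 18   /* needed to call chroot(2) */
#define CAP_SYS_ADMIN_BIT  21   /* needed to call mount(2) */

#define RISK_UID0       0x01    /* effective uid is 0 */
#define RISK_CAN_CHROOT 0x02
#define RISK_CAN_MOUNT  0x04
#define RISK_PARSE_ERR  0x80    /* Uid: or CapEff: line not found */

/* Scan the text of /proc/<pid>/status; return a RISK_* bitmask (0 = dropped). */
int chroot_risk_from_status(const char *status)
{
    int risk = 0, have_uid = 0, have_cap = 0;
    const char *line = status;

    while (line && *line) {
        unsigned int ruid, euid;
        unsigned long long cap;

        /* "Uid:" lists real, effective, saved and fs uid; the second matters. */
        if (sscanf(line, "Uid: %u %u", &ruid, &euid) == 2) {
            have_uid = 1;
            if (euid == 0) risk |= RISK_UID0;
        } else if (sscanf(line, "CapEff: %llx", &cap) == 1) {
            have_cap = 1;
            if (cap & (1ULL << CAP_SYS_CHROOT_BIT)) risk |= RISK_CAN_CHROOT;
            if (cap & (1ULL << CAP_SYS_ADMIN_BIT))  risk |= RISK_CAN_MOUNT;
        }
        line = strchr(line, '\n');
        if (line) line++;
    }
    /* A missing field is reported, never treated as "safe". */
    if (!have_uid || !have_cap) risk |= RISK_PARSE_ERR;
    return risk;
}

int main(void)
{
    char buf[8192];
    FILE *f = fopen("/proc/self/status", "r");
    size_t n = f ? fread(buf, 1, sizeof buf - 1, f) : 0;

    if (f) fclose(f);
    buf[n] = '\0';
    printf("risk mask for this process: 0x%02x\n", chroot_risk_from_status(buf));
    return 0;
}
```

A daemon that has chrooted and then dropped privileges should report 0; any other value means the empty, read-only tree is not the only thing standing between the process and the rest of the system.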





