Re: [RFC] FUSE permission modell (Was: fuse review bits)

From: Miklos Szeredi
Date: Wed Apr 20 2005 - 02:11:54 EST


> Likely because its a chroot vulnerability.
>
> It allows a process to obtain a reference to the root vfsmount that
> doesn't have chroot checks performed on it.
>
> Consider the following pseudo example:
>
[...]
>
> if main is run within a chroot where it's "/" is on the same vfsmount as
> it's "..", then the application can step out of the chroot using clone(2).
>
> Note: using chdir in a vfsmount outside of your namespace works, however
> you won't be able to walk off that vfsmount (to its parent or children).

How about fixing fchdir, so it checks whether you gone outside the
tree under current->fs->rootmnt? Should be fairly easy to do.

Miklos
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/