Re: Security patch for /proc

Roger Espel Llima (espel@llaic.u-clermont1.fr)
Tue, 31 Mar 1998 17:11:44 +0200

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Alan Cox: "Re: Kernel EIP and total NFS failure (2.0.33, 2.1.86/9) [solved]"
Previous message: Jitse Niesen: "2.1.91: skput:over kernel panic"

> From: Chris Evans <chris@ferret.lmh.ox.ac.uk>
> On Tue, 31 Mar 1998, Jeremy Fitzhardinge wrote:
> >
> > Here's a patch which prevents chrooted processes from escaping from
> > their chrooted area via /proc.
>
> I'm not sure I agree with this approach -- perhaps root processes should
> not be allowed to use the mount() syscall if root_dir != real_root. The
> other main source of nastiness is ptrace() -- this needs to be banned in a
> similar manner. There are other ways root could escape a chroot()
> jail, we need to think about them and eliminate them one by one.

I don't think Linux should even attempt to prevent root on a chrooted
env to break from the chroot jail (unless capabs are folded in, and it's
done properly and thoroughly that way). There are just too many ways,
and chroot really wasn't meant for that.

Note that, since you can't control quite nicely what goes into a
chrooted environment (i.e you don't have to have /usr/games/svgalibdoom
and similar setuid crap) in there, it shouldn't be too hard to make sure
a chrooted ordinary user can't become root.

-- Roger Espel Llima, espel@llaic.u-clermont1.fr http://www.eleves.ens.fr:8080/home/espel/index.html

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu

Next message: Alan Cox: "Re: Kernel EIP and total NFS failure (2.0.33, 2.1.86/9) [solved]"
Previous message: Jitse Niesen: "2.1.91: skput:over kernel panic"