Re: access to proc filesystem from chrooted process

Andreas Bombe (andreas.bombe@munich.netsurf.de)
Sat, 22 May 1999 18:41:17 +0200

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Jonathan Larmour: "Re: Possible task exit bug?"
Previous message: David S. Miller: "Re: suspicious lock code in sys_sunos.c and sys_sunos32.c"

On Fri, May 21, 1999 at 07:23:30PM +0100, Peter Benie wrote:
> Riley Williams writes ("Re: access to proc filesystem from chrooted process"):
> > Unless I'm misunderstanding this, it appears to be pointless since
> > only processes chroot'd to / or /proc could see the entries in the
> > proc file system anyway, as if they're chroot'd anywhere else, they
> > can't even access /proc ???
>
> If you are setting up a server with a chrooted environment for users,
> it is useful to have /proc mounted inside the chroot so that programs
> like top and ps can work, so yes, users can get at /proc.

But then you have to be careful if you use that as a security
enhancement. Programs that are suid root can break out of their chroot
by cd'ing to /proc/1/root. If the user for some reason gets a program
to run outside of the chroot with his uid, they can break out without
suid by using this program's proc entry.

-- Andreas E. Bombe <andreas.bombe@munich.netsurf.de> http://home.pages.de/~andreas.bombe/ PGP 0x886663c9 30 EC 09 73 84 7B 55 83 C4 7A 91 D9 9D C5 4B B0 GPG 0x04880A44 72E5 7031 4414 2EB6 F6B4 4CBD 1181 7032 0488 0A44

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/

Next message: Jonathan Larmour: "Re: Possible task exit bug?"
Previous message: David S. Miller: "Re: suspicious lock code in sys_sunos.c and sys_sunos32.c"