Re: [RFC] relinquish_fs() syscall

[Mitchell Blank Jr]

Arjan van de Ven wrote:
> > Can you really do that on normal file descriptors?  Weird.  I'd have thought
> > you'd need to open /dev/hd* to do that.
> 
> inb/outb after iopl.

That was already discussed earlier in the thread.

> > Is AF_UNIX in a separate namespace?  My understanding (from reading
> > unix_find_other()) is that unless you can create a UNIX socket in your
> > filesystem you're going to have trouble creating new UNIX sockets.
> 
> iirc there are anonymous unix sockets...

Ah, I see now -- the sun_path[0]=='\0' code.  I'll have to take a look
at that; probably just need to add a check to prevent jailed processes
from using those sockets (since they're supposed to be in a "null"
namespace)  Will investigate later this week.

It looks like this is also a weakness in code that currently uses
chroot("/var/empty")  It's not the end of the world since it still
requires a cooperating unjailed process on the same host as the jailed
one to pass in a fd which is quite an obstacle in most scenarios.  Still,
it's something that should be protected against.

-Mitch
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/