Re: sys_chroot+sys_fchdir Fix

From: Bill Davidsen
Date: Wed Sep 19 2007 - 14:24:43 EST

Next message: Bernhard Rosenkraenzer: "Re: [alsa-devel] [PARTIAL PATCH] snd-hda-intel on Medion WIM2160"
Previous message: Mathieu Desnoyers: "Re: [patch 4/7] Immediate Values - i386 Optimization"
In reply to: Alan Cox: "Re: sys_chroot+sys_fchdir Fix"
Next in thread: Alan Cox: "Re: sys_chroot+sys_fchdir Fix"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Alan Cox wrote:

On Wed, 19 Sep 2007 09:19:50 +0200
majkls <majkls@xxxxxxxxxxx> wrote:

Hello,
here is an fix to an exploit (obtained somewhere in internet). This exploit can workaround chroot with CAP_SYS_CHROOT. It is also possible (with sufficient filedescriptor (if there is na directory fd opened in root) workaround chroot with sys_fchdir. This patch fixes it.

If you have the ability to use chroot() you are root. If you are root you
can walk happily out of any chroot by a thousand other means.

I thought this was to prevent breaking out of chroot as a normal user.
ie. chroot /var/myjail /bin/su - guest
or similar.

--
Bill Davidsen <davidsen@xxxxxxx>
"We have more to fear from the bungling of the incompetent than from
the machinations of the wicked." - from Slashdot
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Bernhard Rosenkraenzer: "Re: [alsa-devel] [PARTIAL PATCH] snd-hda-intel on Medion WIM2160"
Previous message: Mathieu Desnoyers: "Re: [patch 4/7] Immediate Values - i386 Optimization"
In reply to: Alan Cox: "Re: sys_chroot+sys_fchdir Fix"
Next in thread: Alan Cox: "Re: sys_chroot+sys_fchdir Fix"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]