Re: Security patch for /proc

Chris Evans (chris@ferret.lmh.ox.ac.uk)
Tue, 31 Mar 1998 11:14:19 +0100 (BST)


On Tue, 31 Mar 1998, Jeremy Fitzhardinge wrote:

> Hi all,
>
> Here's a patch which prevents chrooted processes from escaping from
> their chrooted area via /proc.

Hi,

I'm not sure I agree with this approach -- perhaps root processes should
not be allowed to use the mount() syscall if root_dir != real_root. The
other main source of nastiness is ptrace() -- this needs to be banned in a
similar manner. There are other ways root could escape a chroot()
jail; we need to think about them and eliminate them one by one.

Chris

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu