Regards
Andrey V. Savochkin
On Tue, Mar 31, 1998 at 01:17:36PM +1000, Jeremy Fitzhardinge wrote:
> [ Following up to my own posting - sigh. This is basically
> a resend with a slightly more liberal access policy and more
> patch-friendly diff. ]
>
> Hi all,
>
> Here's a patch which prevents chrooted processes from escaping from
> their chrooted area via /proc.
>
> At present, if you set up a chroot domain, you can't mount /proc in it,
> because processes can easily escape by chdiring through another
> non-chrooted process's root or cwd. This patch disallows access to a
> process in /proc unless it has the same or more restrictive root than
> your own.
>
> This still doesn't allow you to run root processes in a chrooted area
> with complete safety, but it does mean you can have processes with the
> same uid in different chrooted domains.
>
> Missing features:
> - signal and ptrace should do similar checks, otherwise chrooted
> processes can still cause system-wide havoc
> - root processes should (optionally) lose privilege when chrooted - a
> capability mask is probably the right way of doing this
> - chrooted processes which have been leaked file descriptors
> (particularly directory fds) from outside the domain are still an escape
> path
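The access rule the quoted message describes ("same or more restrictive root than your own") can be modelled in user space as a path-containment check. This is an added example, not Jeremy's patch: the real kernel compares the processes' root dentries after lookup, whereas here the roots are assumed to be absolute, canonical path strings with no ".." components and no trailing slash (except for "/").

```c
/* Added example (not the kernel patch from the message): a user-space
 * model of the /proc access policy described above.  A /proc/<pid> entry
 * is visible to the caller only if the target process's root directory
 * is the same as, or nested inside, the caller's own root, i.e. the target
 * is at least as confined as the caller.  Paths are assumed absolute and
 * canonical (no "..", no trailing slash except for "/"). */
#include <stdio.h>
#include <string.h>

/* Return 1 if target_root equals or is a descendant of my_root, else 0. */
int proc_access_allowed(const char *my_root, const char *target_root)
{
    size_t n = strlen(my_root);

    /* A caller whose root is "/" is not chrooted and may see everyone. */
    if (n == 1 && my_root[0] == '/')
        return 1;

    /* The target's root must begin with the caller's root ... */
    if (strncmp(my_root, target_root, n) != 0)
        return 0;

    /* ... and the match must end on a path-component boundary, so a
     * caller rooted at "/jail" does not accept a target rooted at
     * "/jailbreak". */
    return target_root[n] == '\0' || target_root[n] == '/';
}

int main(void)
{
    /* Constructed scenarios: a process chrooted to /jail inspecting the
     * /proc entries of processes with various roots. */
    const char *me = "/jail";
    printf("init, root /   : %d\n", proc_access_allowed(me, "/"));          /* 0 (escape path, denied) */
    printf("sibling /jail2 : %d\n", proc_access_allowed(me, "/jail2"));     /* 0 */
    printf("same /jail     : %d\n", proc_access_allowed(me, "/jail"));      /* 1 */
    printf("nested /jail/x : %d\n", proc_access_allowed(me, "/jail/x"));    /* 1 */
    return 0;
}
```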
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu