Re: Security patch for /proc

Jeremy Fitzhardinge (jeremy@zip.com.au)
Wed, 01 Apr 1998 10:58:46 +1000


Savochkin Andrey Vladimirovich wrote:
>
> IMHO you overload the kernel.
> A non-root process can't escape from the chroot jail if no
> processes with the same owner are run in the origin root.

That's not something which can always be assumed. Other Unix systems
don't have /proc and don't make this requirement of someone using
chroot. It can be assumed that once a non-root process is in a chrooted
jail, it cannot escape, even if there are processes with different roots
and the same uid.

This is weakened by Linux's /proc, since they can escape. You can play
with uids to prevent this, but it's a Linux-specific weakness you're
working around, and there's no guarantee that all software will make the
effort.

J
