Re: access to proc filesystem from chrooted process
Andreas Bombe (firstname.lastname@example.org)
Sat, 22 May 1999 18:41:17 +0200
On Fri, May 21, 1999 at 07:23:30PM +0100, Peter Benie wrote:
> Riley Williams writes ("Re: access to proc filesystem from chrooted process"):
> > Unless I'm misunderstanding this, it appears to be pointless since
> > only processes chroot'd to / or /proc could see the entries in the
> > proc file system anyway, as if they're chroot'd anywhere else, they
> > can't even access /proc ???
> If you are setting up a server with a chrooted environment for users,
> it is useful to have /proc mounted inside the chroot so that programs
> like top and ps can work, so yes, users can get at /proc.
But then you have to be careful if you use that as a security
enhancement. Programs that are suid root can break out of their chroot
by cd'ing to /proc/1/root. If the user for some reason gets a program
to run outside of the chroot with his uid, they can break out without
suid by using this program's proc entry.
Andreas E. Bombe <email@example.com>
PGP 0x886663c9 30 EC 09 73 84 7B 55 83 C4 7A 91 D9 9D C5 4B B0
GPG 0x04880A44 72E5 7031 4414 2EB6 F6B4 4CBD 1181 7032 0488 0A44
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to firstname.lastname@example.org
Please read the FAQ at http://www.tux.org/lkml/
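An audit for the setup discussed in this thread, as an added example that is not part of the original messages: it reports whether a proc filesystem is mounted inside a chroot directory and which setuid-root files live under that directory. The function names, the `/srv/...` paths and the sample mount table are constructed for illustration.

```python
import os
import re
import stat

# Constructed sample in /proc/mounts format (not taken from the original thread).
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime 0 0
proc /proc proc rw,nosuid,nodev,noexec 0 0
proc /srv/jail/proc proc rw,relatime 0 0
proc /srv/jail2/proc proc rw,relatime 0 0
proc /srv/my\\040jail/proc proc rw,relatime 0 0
"""

def _unescape(field):
    """Decode the octal escapes (\\040 = space, etc.) used in /proc/mounts."""
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def proc_mounts_inside(chroot, mounts_text):
    """Return mount points of type proc located at or below `chroot`."""
    root = os.path.normpath(chroot)
    prefix = root.rstrip("/") + "/"   # avoids matching /srv/jail2 for /srv/jail
    hits = []
    for line in mounts_text.splitlines():
        parts = line.split()
        if len(parts) >= 3 and parts[2] == "proc":
            mnt = os.path.normpath(_unescape(parts[1]))
            if mnt == root or mnt.startswith(prefix):
                hits.append(mnt)
    return hits

def setuid_root_files(chroot):
    """List regular files under `chroot` that are setuid and owned by uid 0."""
    found = []
    for dirpath, dirs, files in os.walk(chroot):
        # Do not descend into other mounts (such as the proc mount itself).
        dirs[:] = [d for d in dirs if not os.path.ismount(os.path.join(dirpath, d))]
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISREG(st.st_mode) and st.st_uid == 0 and st.st_mode & stat.S_ISUID:
                found.append(path)
    return found

if __name__ == "__main__":
    jail = "/srv/jail"  # hypothetical chroot directory
    print("proc mounted inside chroot:", proc_mounts_inside(jail, SAMPLE_MOUNTS))
    if os.path.isdir(jail):
        print("setuid-root files:", setuid_root_files(jail))
```

On a live system, pass the contents of `/proc/mounts` as `mounts_text`; a chroot for which both functions return non-empty lists matches the combination the reply above cautions about.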