Re: Chroot bug

From: Miloslav Semler
Date: Tue Sep 25 2007 - 11:46:34 EST



On Sep 26 2007 00:40, David Newall wrote:
Miloslav Semler pointed out that a root process can chdir("..") out of its
chroot. Although this is documented in the man page, it conflicts with the
essential function, which is to change the root directory of the process. In
addition to any creative uses, for example Philipp Marek's loading dynamic
libraries, it seems clear that the prime purpose of chroot is to aid security.
Being able to cd your way out is handy for the bad guys, but the good guys
don't need it; there are a thousand better, safer solutions.

So what? Just do this: chdir into the root after chroot.

It won't conform to SVR4/4.4BSD anymore, but hey, let Linux set some
sane standard ain't bad either. I doubt anyone really relies on the
fact that after chroot, your cwd might be outside the root.
so then you corrupt pwd. I think that working directory should be set only if it is necessary. Fn directory_is_out is not big performace loss. And also you can break this fix with fchdir.

Miloslav
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/