Re: sys_chroot+sys_fchdir Fix

From: Phillip Susi
Date: Tue Sep 25 2007 - 16:53:35 EST

Next message: Thomas Gleixner: "Re: [PATCH] x86-64: Disable local APIC timer use on AMD systemswith C1E"
Previous message: David Newall: "Re: Chroot bug"
In reply to: Serge E. Hallyn: "Re: sys_chroot+sys_fchdir Fix"
Next in thread: Al Viro: "Re: sys_chroot+sys_fchdir Fix"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Alan Cox wrote:

On Fri, 21 Sep 2007 13:39:34 -0400
Phillip Susi <psusi@xxxxxxxxxx> wrote:

David Newall wrote:
* In particular, the superuser can escape from a =91chroot jail=92 by d=
oing=20
=91mkdir foo; chroot foo; cd ..=92.

No, he can not.

The superuser can escape that way - its expected and fine behaviour

Does not work for me, and that would be the EXACT thing chroot is supposed to prevent. Maybe you guys are thinking of a program that calls chroot() but leaves cwd outside the chroot still being able to navigate outside of it?

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Thomas Gleixner: "Re: [PATCH] x86-64: Disable local APIC timer use on AMD systemswith C1E"
Previous message: David Newall: "Re: Chroot bug"
In reply to: Serge E. Hallyn: "Re: sys_chroot+sys_fchdir Fix"
Next in thread: Al Viro: "Re: sys_chroot+sys_fchdir Fix"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]