Re: Chroot bug

From: David Newall
Date: Wed Sep 26 2007 - 06:27:51 EST

Next message: David Newall: "Re: sys_chroot+sys_fchdir Fix"
Previous message: David Newall: "Re: Chroot bug"
In reply to: Willy Tarreau: "Re: Chroot bug"
Next in thread: Olivier Galibert: "Re: Chroot bug"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Kyle Moffett wrote:

David, please do tell myself and Adrian how "locking down" chroot() the way you want will avoid letting root break out through any of the above ways?

As has been said, there are thousands of ways to break out of a chroot. It's just that one of them should not be that chroot lets you walk out. I can't explain it clearer than that. If you don't see it now you probably never will.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: David Newall: "Re: sys_chroot+sys_fchdir Fix"
Previous message: David Newall: "Re: Chroot bug"
In reply to: Willy Tarreau: "Re: Chroot bug"
Next in thread: Olivier Galibert: "Re: Chroot bug"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]