From: jesse <jesse@wirex.com>
To: linux-kernel@vger.kernel.org
Subject: Re: Linux 2.2.18pre21
Date: Fri, 17 Nov 2000 11:23:36 -0800 [thread overview]
Message-ID: <20001117112336.A8854@wirex.com> (raw)
In-Reply-To: <E13u4XD-0001oe-00@the-village.bc.nu> <20001116150704.A883@emma1.emma.line.org> <20001116171618.A25545@athlon.random> <20001116115249.A8115@wirex.com> <20001117003000.B2918@wire.cadcamlab.org>
In-Reply-To: <20001117003000.B2918@wire.cadcamlab.org>; from peter@cadcamlab.org on Fri, Nov 17, 2000 at 12:30:00AM -0600
On Fri, Nov 17, 2000 at 12:30:00AM -0600, Peter Samuelson wrote:
> Two easy "get out of jail free" cards. There are other, more complex
> exploits. You have added one more. They all require root privileges.
Actually, I've heard that a chrooted _non-root_ process can find another
process with the same uid that's not chrooted and can ptrace() to pull
itself out of the jail.
I'd imagine dropping CAP_SYS_PTRACE would avoid this, though.
> Bottom line: once you are in the chroot jail, you must drop root
> privileges, or you defeat the purpose. Security-conscious coders know
> this; it's not Linux-specific behavior or anything.
It appears that even dropping root privileges might not be enough.
And I realize that there are a number of ways that a root process can
escape, I was mostly objecting to the assertion that chroot() was secure
because everything before the chroot call is assumed to be trusted.
-Jesse
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/
next prev parent reply other threads:[~2000-11-17 19:54 UTC|newest]
Thread overview: 40+ messages / expand[flat|nested] mbox.gz Atom feed top
2000-11-10 3:07 Linux 2.2.18pre21 Alan Cox
2000-11-10 3:44 ` David S. Miller
2000-11-10 11:35 ` Benjamin Herrenschmidt
2000-11-10 15:42 ` Tom Rini
2000-11-10 15:34 ` David S. Miller
2000-11-10 10:59 ` Arnaud S . Launay
2000-11-10 10:52 ` David S. Miller
2000-11-16 14:07 ` Matthias Andree
2000-11-16 16:16 ` Andrea Arcangeli
2000-11-16 19:52 ` jesse
2000-11-16 20:02 ` chroot [Was: Re: Linux 2.2.18pre21] Kurt Roeckx
2000-11-16 21:40 ` Linux 2.2.18pre21 Alan Cox
2000-11-18 10:07 ` Rogier Wolff
2000-11-18 17:32 ` kuznet
2000-11-18 17:34 ` Rogier Wolff
2000-11-18 17:47 ` kuznet
2000-11-18 17:51 ` Rogier Wolff
2000-11-16 22:56 ` Matthias Andree
2000-11-17 6:30 ` Peter Samuelson
2000-11-17 6:40 ` H. Peter Anvin
2000-11-17 11:22 ` Peter Samuelson
2000-11-17 17:35 ` H. Peter Anvin
2000-11-17 11:34 ` Matthias Andree
2000-11-17 19:23 ` jesse [this message]
2000-11-18 20:44 ` Pavel Machek
2000-11-18 1:38 ` Nix
2000-11-21 4:19 ` Peter Samuelson
-- strict thread matches above, loose matches on Subject: below --
2000-11-10 9:28 willy tarreau
2000-11-10 9:44 ` Matti Aarnio
2000-11-10 9:57 ` Constantine Gavrilov
2000-11-10 10:14 ` Matti Aarnio
2000-11-10 10:22 ` Constantine Gavrilov
2000-11-10 10:51 ` Matti Aarnio
2000-11-10 19:11 ` Thomas Davis
2000-11-10 10:18 ` Constantine Gavrilov
2000-11-10 10:40 willy tarreau
2000-11-10 10:49 willy tarreau
2000-11-10 11:21 willy tarreau
2000-11-13 7:00 willy tarreau
2000-11-13 9:47 willy tarreau
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20001117112336.A8854@wirex.com \
--to=jesse@wirex.com \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.