From: Casey Schaufler <casey@schaufler-ca.com>
To: tal.tchwella@gmail.com
Cc: linux-kernel@vger.kernel.org, tchwella@mit.edu,
	Casey Schaufler <casey@schaufler-ca.com>
Subject: Re: [PATCH 0/3] Patches to enable chroot for all users
Date: Wed, 20 Mar 2013 08:35:19 -0700
Message-ID: <5149D737.6080409@schaufler-ca.com>
In-Reply-To: <1363784947-24060-1-git-send-email-tal.tchwella@gmail.com>

On 3/20/2013 6:09 AM, tal.tchwella@gmail.com wrote:
> From: Tal Tchwella <tchwella@mit.edu>
>
> I want to suggest adding chroot capability to all users.

It is much too easy to create an environment for
tricking privileged programs using chroot to allow
unprivileged processes to use chroot. /etc/shadow
is your trivial attack surface.

> The following patches enable that capability, while considering the security mechanism needed to disable escape routes for chroots by non-root users,
> and keeping chroot backward-compatible for root users.
> The first patch establishes the concept of multi-user chroot, while disabling checks for root user in the chroot process.
> The second patch checks whether a fd that is sent to a chroot application by a non-root user refers to a directory. 
> If that is the case, that fd is skipped, to disable an escape route. 
> The third patch disables the option for applications that have open fds to directories to be chrooted by a non-root user.
>
> These patches were applied and tested on linux-kernel 3.2.0-31-generic.
>
> Any comments, feedback and suggestions are appreciated!
>
> Thanks,
> Tal
>
>
> Tal Tchwella (3):
>   enabled chroot for all users
>   socket checks for uds fds transfer
>   open fds check when starting chroot
>
>  fs/exec.c             |    3 +++
>  fs/open.c             |   32 ++++++++++++++++++++++++++++++--
>  include/linux/sched.h |   12 ++++++++++++
>  init/main.c           |    1 +
>  kernel/fork.c         |    2 ++
>  net/core/scm.c        |    9 +++++++++
>  6 files changed, 57 insertions(+), 2 deletions(-)
>
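
The check described for the third patch (no chroot while directory fds are open), sketched in userspace as an added example; it is not part of the thread or of the posted patches. `count_open_dir_fds`, `guarded_chroot` and `FD_SCAN_CAP` are hypothetical names chosen for this illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* exposes chroot() in <unistd.h> on glibc */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

#define FD_SCAN_CAP 65536   /* assumed cap so a huge fd limit cannot stall the scan */

/* Count this process's open descriptors that refer to directories. */
int count_open_dir_fds(void)
{
    long max = sysconf(_SC_OPEN_MAX);
    int count = 0;

    if (max < 0 || max > FD_SCAN_CAP)
        max = FD_SCAN_CAP;
    for (int fd = 0; fd < (int)max; fd++) {
        struct stat st;
        /* fstat() fails with EBADF on unused slots; those are skipped. */
        if (fstat(fd, &st) == 0 && S_ISDIR(st.st_mode))
            count++;
    }
    return count;
}

/* Hypothetical wrapper: refuse to chroot while any directory fd is held.
 * Returns 0 on success, -1 on refusal or on chroot()/chdir() failure. */
int guarded_chroot(const char *newroot)
{
    if (count_open_dir_fds() > 0)
        return -1;
    if (chroot(newroot) != 0)
        return -1;
    return chdir("/");      /* do not keep a working directory outside the new root */
}

int main(void)
{
    int fd = open("/", O_RDONLY | O_DIRECTORY);   /* constructed sample: one held directory */
    printf("directory fds open: %d\n", count_open_dir_fds());
    printf("guarded_chroot while held: %d\n", guarded_chroot("/"));
    if (fd >= 0)
        close(fd);
    return 0;
}
```

Descriptors numbered above `FD_SCAN_CAP` are not examined by this sketch.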

