From mboxrd@z Thu Jan 1 00:00:00 1970 From: Shaya Potter Subject: Re: [PATCH 12/18] shared mount handling: bind and rbind Date: Wed, 16 Nov 2005 08:59:36 -0500 Message-ID: <1132149576.8155.23.camel@localhost.localdomain> References: <200511152129.04079.rob@landley.net> <200511160835.28636.a1426z@gawab.com> Mime-Version: 1.0 Content-Type: text/plain Content-Transfer-Encoding: 7bit Cc: a1426z@gawab.com, torvalds@osdl.org, linuxram@us.ibm.com, viro@ftp.linux.org.uk, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, rob@landley.net Return-path: To: Miklos Szeredi In-Reply-To: Sender: linux-kernel-owner@vger.kernel.org List-Id: linux-fsdevel.vger.kernel.org On Wed, 2005-11-16 at 09:19 +0100, Miklos Szeredi wrote: > > > This is why we have "pivot_root()" and "chroot()", which can both be used > > > to do what you want to do. You mount the new root somewhere else, and then > > > you chroot (or pivot-root) to it. And THEN you do 'chdir("/")' to move the > > > cwd into the new root too (and only at that point have you "lost" the old > > > root - although you can actually get it back if you have some file > > > descriptor open to it). > > > > Wouldn't this constitute a security flaw? > > > > Shouldn't chroot jail you? > > No, chroot should just change the root. > > If you don't want to be able to get back the old root, just close all > file descriptors _in addition_ to chroot() and chdir(). hah. As long as you're running as root, chroot() again to a directory below you, and you effectively broken the chroot and can make a relative path to the old root. :) I created a patch years ago that creates a chain of "chroot" points, and any past chroot point would be considered a place that follow_dotdot would consider a root. There didn't seem much interest in the patch though.