From: Martin Josefsson <gandalf@wlug.westbo.se>
To: Shaya Potter <spotter@cs.columbia.edu>
Cc: Ville Herva <vherva@niksula.hut.fi>,
Alan Cox <alan@lxorguk.ukuu.org.uk>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>
Subject: Re: can chroot be made safe for non-root?
Date: 22 Oct 2002 17:55:13 +0200 [thread overview]
Message-ID: <1035302113.723.20.camel@tux> (raw)
In-Reply-To: <1035296135.1089.35.camel@zaphod>
On Tue, 2002-10-22 at 16:15, Shaya Potter wrote:
> from vserver patch
>
> diff -rc2P linux-2.4.19/fs/namei.c linux-2.4.19ctx-14/fs/namei.c
> *** linux-2.4.19/fs/namei.c Tue Aug 6 15:02:24 2002
> --- linux-2.4.19ctx-14/fs/namei.c Sun Oct 13 23:58:55 2002
> ***************
> *** 153,156 ****
> --- 153,165 ----
> umode_t mode = inode->i_mode;
>
> + /*
> + A dir with permission bit all 0s is a dead zone for
> + process running in a vserver. By doing
> + chmod 000 /vservers
> + you fix the "escape from chroot" bug.
> + */
> + if ((mode & 0777) == 0
> + && S_ISDIR(mode)
> + && current->s_context != 0) return -EACCES;
> if (mask & MAY_WRITE) {
> /*
>
> I don't think that will work, especially as it seems vserver's dont
> nest.
This was just a quick and dirty fix to prevent root in a vserver from
breaking out into the "real server", that's it. chroot() inside a
vserver works exactly the same way as without vservers.
One negative sideeffect is that root in a vserver can't access any
directory with all 0s in the permission bits. But that's better than
having root in a vserver being able to go out into the "real server".
I'm not saying this is a very good solution but I think it at least does
what it's supposed to do in a dirty way.
--
/Martin
Never argue with an idiot. They drag you down to their level, then beat
you with experience.
next prev parent reply other threads:[~2002-10-22 15:49 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2002-10-16 5:51 can chroot be made safe for non-root? Eric Buddington
2002-10-16 6:44 ` Philippe Troin
2002-10-16 21:18 ` David Wagner
2002-10-16 22:04 ` Philippe Troin
2002-10-16 22:00 ` David Wagner
2002-10-19 17:44 ` Eric Buddington
2002-10-19 19:07 ` Bernd Eckenfels
[not found] ` <200210201715.07150.landley@trommello.org>
2002-10-21 20:29 ` Bernd Eckenfels
2002-10-22 15:42 ` Jesse Pollard
2002-10-22 16:55 ` Shaya Potter
2002-10-21 15:22 ` Alan Cox
2002-10-22 7:21 ` Ville Herva
2002-10-22 14:15 ` Shaya Potter
2002-10-22 15:55 ` Martin Josefsson [this message]
2002-10-16 21:14 ` David Wagner
2002-10-18 19:01 ` Pavel Machek
2002-10-18 20:14 ` David Wagner
2002-10-18 21:07 ` Shaya Potter
2002-10-18 21:00 ` David Wagner
2002-10-18 21:36 ` Shaya Potter
-- strict thread matches above, loose matches on Subject: below --
2002-10-17 5:08 Niels Provos
2002-10-19 19:42 Hank Leininger
2002-10-20 10:40 ` Bernd Eckenfels
2002-10-20 14:49 ` Shaya Potter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1035302113.723.20.camel@tux \
--to=gandalf@wlug.westbo.se \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=linux-kernel@vger.kernel.org \
--cc=spotter@cs.columbia.edu \
--cc=vherva@niksula.hut.fi \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox