From: Alan Cox <alan@lxorguk.ukuu.org.uk>
To: Mitchell Blank Jr <mitch@sfgoth.com>
Cc: Arjan van de Ven <arjan@infradead.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>
Subject: Re: [RFC] relinquish_fs() syscall
Date: Tue, 30 Nov 2004 13:43:27 +0000
Message-ID: <1101822206.25617.28.camel@localhost.localdomain>
In-Reply-To: <20041130141204.GE63669@gaz.sfgoth.com>
On Maw, 2004-11-30 at 14:12, Mitchell Blank Jr wrote:
> > iirc there are anonymous unix sockets...
>
> Ah, I see now -- the sun_path[0]=='\0' code. I'll have to take a look
> at that; probably just need to add a check to prevent jailed processes
> from using those sockets (since they're supposed to be in a "null"
> namespace). Will investigate later this week.
You would probably want a "private" AF_UNIX namespace too. The fact it's
a single namespace for "anonymous" AF_UNIX and the \0 trick is used is
really legacy unix compatibility. Having multiple such namespaces is
certainly doable. It's the same problem as the shared memory, semaphore and
message queue objects have because they fall out of the filesystem namespace.
Posix has fixed these but very few apps use the new forms.
>
> It looks like this is also a weakness in code that currently uses
> chroot("/var/empty"). It's not the end of the world since it still
> requires a cooperating unjailed process on the same host as the jailed
> one to pass in a fd which is quite an obstacle in most scenarios. Still,
> it's something that should be protected against.
Also you need to look at fchdir(). If I accidentally pass you a file
handle to a directory (or maybe to a file in reiser4 world ?) you can
fchdir() out of the chroot.
Alan
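
A sender-side guard for the two issues raised in this message, added here as an example; it is not code from the thread or from any kernel patch. It classifies an AF_UNIX address by namespace (the sun_path[0]=='\0' case) and refuses to hand a directory descriptor to a chrooted peer. The names classify_unix_addr, fd_ok_for_jailed_peer and enum unix_ns are hypothetical, and the sample address is constructed.

```c
#include <fcntl.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>
#include <unistd.h>

/* Which namespace an AF_UNIX address lives in (hypothetical names). */
enum unix_ns { UNIX_NS_INVALID, UNIX_NS_UNNAMED, UNIX_NS_ABSTRACT, UNIX_NS_PATHNAME };

enum unix_ns classify_unix_addr(const struct sockaddr_un *sa, socklen_t len)
{
    const size_t path_off = offsetof(struct sockaddr_un, sun_path);
    if (sa == NULL || len < path_off || sa->sun_family != AF_UNIX)
        return UNIX_NS_INVALID;
    if (len == path_off)
        return UNIX_NS_UNNAMED;   /* socketpair() or unbound socket */
    if (sa->sun_path[0] == '\0')
        return UNIX_NS_ABSTRACT;  /* not in the filesystem, so chroot does not confine it */
    return UNIX_NS_PATHNAME;      /* resolved through the filesystem */
}

/* Return 1 if fd may be sent over SCM_RIGHTS to a chrooted peer, else 0. */
int fd_ok_for_jailed_peer(int fd)
{
    struct stat st;
    if (fstat(fd, &st) != 0)
        return 0;                 /* cannot inspect it: fail closed */
    if (S_ISDIR(st.st_mode))
        return 0;                 /* a directory fd is an fchdir() target */
    return 1;
}

int main(void)
{
    struct sockaddr_un sa;        /* constructed sample address */
    int dfd = open(".", O_RDONLY);
    memset(&sa, 0, sizeof(sa));
    sa.sun_family = AF_UNIX;
    memcpy(sa.sun_path, "\0demo", 5);
    printf("abstract: %d\n", classify_unix_addr(&sa,
           offsetof(struct sockaddr_un, sun_path) + 5) == UNIX_NS_ABSTRACT);
    printf("directory fd allowed: %d\n", fd_ok_for_jailed_peer(dfd));
    if (dfd >= 0)
        close(dfd);
    return 0;
}
```

The directory check belongs in the unjailed process, immediately before the sendmsg() call that carries the descriptor.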