From: jesse <jesse@wirex.com>
To: linux-kernel@vger.kernel.org
Subject: Re: Linux 2.2.18pre21
Date: Fri, 17 Nov 2000 11:23:36 -0800 [thread overview]
Message-ID: <20001117112336.A8854@wirex.com> (raw)
In-Reply-To: <E13u4XD-0001oe-00@the-village.bc.nu> <20001116150704.A883@emma1.emma.line.org> <20001116171618.A25545@athlon.random> <20001116115249.A8115@wirex.com> <20001117003000.B2918@wire.cadcamlab.org>
In-Reply-To: <20001117003000.B2918@wire.cadcamlab.org>; from peter@cadcamlab.org on Fri, Nov 17, 2000 at 12:30:00AM -0600
On Fri, Nov 17, 2000 at 12:30:00AM -0600, Peter Samuelson wrote:
> Two easy "get out of jail free" cards. There are other, more complex
> exploits. You have added one more. They all require root privileges.
Actually, I've heard that a chrooted _non-root_ process can find another
process with the same uid that's not chrooted and can ptrace() to pull
itself out of the jail.
I'd imagine dropping CAP_SYS_PTRACE would avoid this, though.
> Bottom line: once you are in the chroot jail, you must drop root
> privileges, or you defeat the purpose. Security-conscious coders know
> this; it's not Linux-specific behavior or anything.
It appears that even dropping root privileges might not be enough.
And I realize that there are a number of ways that a root process can
escape, I was mostly objecting to the assertion that chroot() was secure
because everything before the chroot call is assumed to be trusted.
-Jesse
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/
next prev parent reply other threads:[~2000-11-17 19:54 UTC|newest]
Thread overview: 40+ messages / expand[flat|nested] mbox.gz Atom feed top
2000-11-10 3:07 Linux 2.2.18pre21 Alan Cox
2000-11-10 3:44 ` David S. Miller
2000-11-10 11:35 ` Benjamin Herrenschmidt
2000-11-10 15:42 ` Tom Rini
2000-11-10 15:34 ` David S. Miller
2000-11-10 10:59 ` Arnaud S . Launay
2000-11-10 10:52 ` David S. Miller
2000-11-16 14:07 ` Matthias Andree
2000-11-16 16:16 ` Andrea Arcangeli
2000-11-16 19:52 ` jesse
2000-11-16 20:02 ` chroot [Was: Re: Linux 2.2.18pre21] Kurt Roeckx
2000-11-16 21:40 ` Linux 2.2.18pre21 Alan Cox
2000-11-18 10:07 ` Rogier Wolff
2000-11-18 17:32 ` kuznet
2000-11-18 17:34 ` Rogier Wolff
2000-11-18 17:47 ` kuznet
2000-11-18 17:51 ` Rogier Wolff
2000-11-16 22:56 ` Matthias Andree
2000-11-17 6:30 ` Peter Samuelson
2000-11-17 6:40 ` H. Peter Anvin
2000-11-17 11:22 ` Peter Samuelson
2000-11-17 17:35 ` H. Peter Anvin
2000-11-17 11:34 ` Matthias Andree
2000-11-17 19:23 ` jesse [this message]
2000-11-18 20:44 ` Pavel Machek
2000-11-18 1:38 ` Nix
2000-11-21 4:19 ` Peter Samuelson
-- strict thread matches above, loose matches on Subject: below --
2000-11-10 9:28 willy tarreau
2000-11-10 9:44 ` Matti Aarnio
2000-11-10 9:57 ` Constantine Gavrilov
2000-11-10 10:14 ` Matti Aarnio
2000-11-10 10:22 ` Constantine Gavrilov
2000-11-10 10:51 ` Matti Aarnio
2000-11-10 19:11 ` Thomas Davis
2000-11-10 10:18 ` Constantine Gavrilov
2000-11-10 10:40 willy tarreau
2000-11-10 10:49 willy tarreau
2000-11-10 11:21 willy tarreau
2000-11-13 7:00 willy tarreau
2000-11-13 9:47 willy tarreau
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20001117112336.A8854@wirex.com \
--to=jesse@wirex.com \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox