From: Jesse Pollard <pollard@admin.navo.hpc.mil>
To: ebuddington@wesleyan.edu,
Eric Buddington <eric@ma-northadams1b-3.bur.adelphia.net>,
linux-kernel@vger.kernel.org
Subject: Re: can chroot be made safe for non-root?
Date: Tue, 22 Oct 2002 10:42:29 -0500 [thread overview]
Message-ID: <200210221042.29498.pollard@admin.navo.hpc.mil> (raw)
In-Reply-To: <20021019134445.B28191@ma-northadams1b-3.bur.adelphia.net>
On Saturday 19 October 2002 12:44 pm, Eric Buddington wrote:
> On Tue, Oct 15, 2002 at 11:44:32PM -0700, Philippe Troin wrote:
> > > Would it be reasonable to allow non-root processes to chroot(), if the
> > > chroot syscall also changed the cwd for non-root processes?
> >
> > No.
> >
> > fd = open("/", O_RDONLY);
> > chroot("/tmp");
> > fchdir(fd);
> >
> > and you're out of the chroot.
>
> I see. From my aesthetic, it would make sense for chroots to 'stack',
> such that once a directory is made the root directory, its '..' entry
> *always* points to itself, even after another chroot(). That would
> prevent the above break (you could be outside the new root, but you
> still couldn't back out past the old root), though perhaps at an
> unacceptable in complexity.
That isn't relevent - the fchdir(fd) doesn't use a path. It doesn't matter
what is done to the ".." entry. fd is referring to an OPEN file id. The
chdir goes to the file id, bypassing any path name evaluation.
--
-------------------------------------------------------------------------
Jesse I Pollard, II
Email: pollard@navo.hpc.mil
Any opinions expressed are solely my own.
next prev parent reply other threads:[~2002-10-22 15:37 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2002-10-16 5:51 can chroot be made safe for non-root? Eric Buddington
2002-10-16 6:44 ` Philippe Troin
2002-10-16 21:18 ` David Wagner
2002-10-16 22:04 ` Philippe Troin
2002-10-16 22:00 ` David Wagner
2002-10-19 17:44 ` Eric Buddington
2002-10-19 19:07 ` Bernd Eckenfels
[not found] ` <200210201715.07150.landley@trommello.org>
2002-10-21 20:29 ` Bernd Eckenfels
2002-10-22 15:42 ` Jesse Pollard [this message]
2002-10-22 16:55 ` Shaya Potter
2002-10-21 15:22 ` Alan Cox
2002-10-22 7:21 ` Ville Herva
2002-10-22 14:15 ` Shaya Potter
2002-10-22 15:55 ` Martin Josefsson
2002-10-16 21:14 ` David Wagner
2002-10-18 19:01 ` Pavel Machek
2002-10-18 20:14 ` David Wagner
2002-10-18 21:07 ` Shaya Potter
2002-10-18 21:00 ` David Wagner
2002-10-18 21:36 ` Shaya Potter
-- strict thread matches above, loose matches on Subject: below --
2002-10-17 5:08 Niels Provos
2002-10-19 19:42 Hank Leininger
2002-10-20 10:40 ` Bernd Eckenfels
2002-10-20 14:49 ` Shaya Potter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200210221042.29498.pollard@admin.navo.hpc.mil \
--to=pollard@admin.navo.hpc.mil \
--cc=ebuddington@wesleyan.edu \
--cc=eric@ma-northadams1b-3.bur.adelphia.net \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox