From: David Newall <david@davidnewall.com>
To: Jan Engelhardt <jengelh@computergmbh.de>
Cc: "Serge E. Hallyn" <serge@hallyn.com>,
Bill Davidsen <davidsen@tmr.com>,
Philipp Marek <philipp@marek.priv.at>,
7eggert@gmx.de, Alan Cox <alan@lxorguk.ukuu.org.uk>,
majkls <majkls@prepere.com>,
bunk@fs.tum.de, linux-kernel@vger.kernel.org
Subject: Re: Chroot bug
Date: Wed, 26 Sep 2007 01:11:11 +0930 [thread overview]
Message-ID: <46F92C17.3060405@davidnewall.com> (raw)
In-Reply-To: <Pine.LNX.4.64.0709251715390.945@fbirervta.pbzchgretzou.qr>
Jan Engelhardt wrote:
> On Sep 26 2007 00:40, David Newall wrote:
>
>> Miloslav Semler pointed out that a root process can chdir("..") out of its
>> chroot.
> So what? Just do this: chdir into the root after chroot.
>
I don't think so. His exploit just got me all the way out of a chroot
within a chroot within a chroot, inclusive of lots of chdirs.
next prev parent reply other threads:[~2007-09-25 15:41 UTC|newest]
Thread overview: 63+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <952DN-83o-31@gated-at.bofh.it>
[not found] ` <954cl-29C-3@gated-at.bofh.it>
[not found] ` <95ctn-74b-15@gated-at.bofh.it>
[not found] ` <95cMH-7um-19@gated-at.bofh.it>
[not found] ` <95gdA-4OZ-7@gated-at.bofh.it>
2007-09-20 11:13 ` sys_chroot+sys_fchdir Fix Bodo Eggert
2007-09-20 11:59 ` Philipp Marek
2007-09-20 12:52 ` majkls
2007-09-20 16:06 ` David Newall
2007-09-20 16:17 ` Philipp Marek
2007-09-20 18:02 ` David Newall
2007-09-20 20:53 ` Bill Davidsen
2007-09-21 8:29 ` David Newall
2007-09-24 21:32 ` Serge E. Hallyn
2007-09-24 22:04 ` David Newall
2007-09-24 23:00 ` Serge E. Hallyn
2007-09-25 7:45 ` David Newall
2007-09-25 11:49 ` Serge E. Hallyn
2007-09-25 13:58 ` David Newall
2007-09-25 15:10 ` Chroot bug (was: sys_chroot+sys_fchdir Fix) David Newall
2007-09-25 15:20 ` Jan Engelhardt
2007-09-25 15:39 ` Chroot bug Miloslav Semler
2007-09-25 15:41 ` David Newall [this message]
2007-09-25 15:48 ` Jan Engelhardt
2007-09-25 16:19 ` Miloslav Semler
2007-09-25 16:52 ` Jan Engelhardt
2007-09-25 17:00 ` Miloslav Semler
2007-09-25 17:05 ` Jan Engelhardt
2007-09-25 17:09 ` Miloslav Semler
2007-09-25 17:09 ` Al Viro
2007-09-25 17:19 ` Miloslav Semler
2007-09-25 16:53 ` Serge E. Hallyn
2007-09-25 20:51 ` David Newall
2007-09-25 15:30 ` Chroot bug (was: sys_chroot+sys_fchdir Fix) Alan Cox
2007-09-25 15:35 ` Chroot bug David Newall
2007-09-25 15:48 ` Alan Cox
2007-09-25 15:47 ` Jan Engelhardt
2007-09-25 23:50 ` David Newall
2007-09-26 0:18 ` Alan Cox
2007-09-26 10:24 ` David Newall
2007-09-26 10:47 ` Alan Cox
2007-09-26 11:06 ` David Newall
2007-09-26 11:20 ` Alan Cox
[not found] ` <46FA41B4.9040104@prepere.com>
[not found] ` <20070926123522.54ffd56f@the-village.bc.nu>
2007-09-26 11:34 ` Miloslav Semler
2007-09-26 14:09 ` Alan Cox
2007-09-26 13:13 ` Bongani Hlope
2007-09-26 0:55 ` Adrian Bunk
2007-09-26 5:21 ` Kyle Moffett
2007-09-26 5:25 ` Willy Tarreau
2007-09-26 10:27 ` David Newall
2007-09-26 10:45 ` Olivier Galibert
2007-09-26 11:13 ` David Newall
2007-09-26 13:18 ` linux-os (Dick Johnson)
2007-09-26 15:02 ` Olivier Galibert
2007-09-26 12:54 ` Kyle Moffett
2007-09-26 13:11 ` Miloslav Semler
2007-09-26 13:42 ` Al Viro
2007-09-26 14:51 ` Miloslav Semler
2007-09-26 14:02 ` Kyle Moffett
2007-09-26 15:01 ` Miloslav Semler
2007-09-27 13:49 ` Jiri Kosina
2007-09-25 16:33 ` Arjan van de Ven
2007-09-25 15:32 ` Chroot bug (was: sys_chroot+sys_fchdir Fix) Adrian Bunk
2007-09-25 15:43 ` Chroot bug Miloslav Semler
2007-09-25 16:02 ` Adrian Bunk
2007-09-26 19:23 ` Chroot bug (was: sys_chroot+sys_fchdir Fix) Bodo Eggert
2007-09-24 23:02 ` sys_chroot+sys_fchdir Fix Serge E. Hallyn
[not found] ` <95UE2-1oR-19@gated-at.bofh.it>
[not found] ` <95V72-2ly-17@gated-at.bofh.it>
[not found] ` <97pG8-3B5-47@gated-at.bofh.it>
[not found] ` <97sX2-p1-3@gated-at.bofh.it>
2007-09-26 9:38 ` Nick Craig-Wood
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=46F92C17.3060405@davidnewall.com \
--to=david@davidnewall.com \
--cc=7eggert@gmx.de \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=bunk@fs.tum.de \
--cc=davidsen@tmr.com \
--cc=jengelh@computergmbh.de \
--cc=linux-kernel@vger.kernel.org \
--cc=majkls@prepere.com \
--cc=philipp@marek.priv.at \
--cc=serge@hallyn.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox