From: Al Viro <viro@zeniv.linux.org.uk>
To: David Laight <David.Laight@aculab.com>
Cc: "'Eric W. Biederman'" <ebiederm@xmission.com>,
Linus Torvalds <torvalds@linux-foundation.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"netdev@vger.kernel.org" <netdev@vger.kernel.org>,
"Serge E. Hallyn" <serge@hallyn.com>
Subject: Re: [CFT][PATCH] proc: Update /proc/net to point at the accessing threads network namespace
Date: Mon, 3 Oct 2022 15:03:03 +0100 [thread overview]
Message-ID: <Yzrrl4MkM+xRysYd@ZenIV> (raw)
In-Reply-To: <592405fa149247f58d05a213b8c6f711@AcuMS.aculab.com>
On Mon, Oct 03, 2022 at 09:36:46AM +0000, David Laight wrote:
> ...
> > * ability to chroot(2) had always been equivalent to ability to undo
> > chroot(2). If you want to prevent getting out of there, you need
> > (among other things) to prevent the processes to be confined from
> > further chroot(2).
>
> Not always, certainly not historically.
Factually incorrect.
> chroot() inside a chroot() just constrained you further.
What it did was change your root directory. Yes, deeper.
And leave your current directory where it had been.
Now, recall that chroot does *NOT* affect the
interpretation of .. other than in the current root.
Which means that attacker doing
chdir("/");
chroot(some_existing_directory);
chdir("..");
will end up outside of the original chroot environment.
This is POSIX-mandated behaviour. Moreover, that is behaviour of
historical Unices. Any Unix programmer who tries to use chroot(2)
should be aware of that. Ability of making chroot(2) calls
means the ability to break out of any chroot you are currently in.
> If fchdir() and openat() have broken that it is a serious
> problem.
Have you even read the mail you'd been replying to? Where had anything
in the example given (OK sketched out) to you upthread involve fchdir()
or openat()?
next prev parent reply other threads:[~2022-10-03 14:03 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-09-29 15:22 [PATCH 3/4] proc: Point /proc/net at /proc/thread-self/net instead of /proc/self/net David Laight
2022-09-29 18:21 ` Linus Torvalds
2022-09-29 18:50 ` Al Viro
2022-09-29 19:00 ` Al Viro
2022-09-29 19:05 ` Linus Torvalds
2022-09-29 19:34 ` Al Viro
2022-09-29 21:13 ` Linus Torvalds
2022-09-29 21:21 ` Al Viro
2022-09-29 21:27 ` Al Viro
2022-09-29 21:31 ` Linus Torvalds
2022-09-29 21:15 ` Al Viro
2022-09-29 21:29 ` Linus Torvalds
2022-09-29 22:14 ` Eric W. Biederman
2022-09-29 22:48 ` [CFT][PATCH] proc: Update /proc/net to point at the accessing threads network namespace Eric W. Biederman
2022-09-29 23:38 ` Al Viro
2022-09-30 3:19 ` kernel test robot
2022-09-30 6:07 ` kernel test robot
2022-09-30 9:30 ` David Laight
2022-09-30 16:17 ` Eric W. Biederman
2022-09-30 21:28 ` David Laight
2022-10-01 23:11 ` Al Viro
2022-10-03 9:36 ` David Laight
2022-10-03 14:03 ` Al Viro [this message]
2022-10-03 17:07 ` Eric W. Biederman
2022-10-03 18:49 ` Al Viro
2022-10-04 8:53 ` David Laight
2022-10-05 13:10 ` [proc] 5336f1902b: BUG:KASAN:global-out-of-bounds_in_memchr kernel test robot
2022-09-29 19:00 ` [PATCH 3/4] proc: Point /proc/net at /proc/thread-self/net instead of /proc/self/net Linus Torvalds
-- strict thread matches above, loose matches on Subject: below --
2022-09-30 14:01 [CFT][PATCH] proc: Update /proc/net to point at the accessing threads network namespace Alexey Dobriyan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Yzrrl4MkM+xRysYd@ZenIV \
--to=viro@zeniv.linux.org.uk \
--cc=David.Laight@aculab.com \
--cc=ebiederm@xmission.com \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=serge@hallyn.com \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox