| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 13 Oct 2006 21:02:50 -0600 From: ebiederm@...ssion.com (Eric W. Biederman) To: Bastian Blank <bastian@...di.eu.org> Cc: linux-kernel@...r.kernel.org, Andrew Morton <akpm@...l.org>, Linus Torvalds <torvalds@...l.org> Subject: Re: 2.6.18 - check for chroot, broken root and cwd values in procfs Bastian Blank <bastian@...di.eu.org> writes: > On Thu, Oct 12, 2006 at 04:02:24PM +0200, Bastian Blank wrote: >> The commit 778c1144771f0064b6f51bee865cceb0d996f2f9 replaced the old >> root-based security checks in procfs with processed based ones. > > The new behaviour even allows a user to escape from the chroot by using > chdir to /proc/$pid/cwd or /proc/$pid/root of a process he owns and > lives outside of the chroot. Yep. It makes it obvious that you can do that. If you were in a chroot you could always ptrace a process you own that was outside of the chroot, and cause it to do things, such as open a unix domain socket and pass you it's current root directory. chroot by itself has never been much of a jail. Eric - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists