| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 26 Sep 2007 12:20:28 +0100 From: Alan Cox <alan@...rguk.ukuu.org.uk> To: David Newall <david@...idnewall.com> Cc: "Serge E. Hallyn" <serge@...lyn.com>, Bill Davidsen <davidsen@....com>, Philipp Marek <philipp@...ek.priv.at>, 7eggert@....de, majkls <majkls@...pere.com>, bunk@...tum.de, linux-kernel@...r.kernel.org Subject: Re: Chroot bug > >>> The dot-dot entry in the root directory is interpreted to mean the > >>> root directory itself. Thus, dot-dot cannot be used to access files > >>> outside the subtree rooted at the root directory. > >>> > > > > Which is behaviour chroot preserves properly. > > > And yet it is the dot-dot entry which is used to access files outside > the root. Read it again, and read all the words. Notably "the dot-dot entry *IN* the root directory". When your current directory is above your root directory you do not pass through that dot-dot entry. > Do you believe that when those words were first written, the hidden > conflict, namely that it permits dot-dot to access files outside the > subtree, was understood? Yes. You need to remember the notion of chroot for "security" is a very new one, and not one that it was designed for. Which as I've said twice now is why things like vserver and BSD jails have evolved. Alan - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists