[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <200709261513.52883.bonganilinux@mweb.co.za>
Date: Wed, 26 Sep 2007 15:13:52 +0200
From: Bongani Hlope <bonganilinux@...b.co.za>
To: David Newall <david@...idnewall.com>
Cc: Alan Cox <alan@...rguk.ukuu.org.uk>,
"Serge E. Hallyn" <serge@...lyn.com>,
Bill Davidsen <davidsen@....com>,
Philipp Marek <philipp@...ek.priv.at>, 7eggert@....de,
majkls <majkls@...pere.com>, bunk@...tum.de,
linux-kernel@...r.kernel.org
Subject: Re: Chroot bug
On Wednesday 26 September 2007 13:06:51 David Newall wrote:
> Alan Cox wrote:
> >>> The dot-dot entry in the root directory is interpreted to mean the
> >>> root directory itself. Thus, dot-dot cannot be used to access files
> >>> outside the subtree rooted at the root directory.
> >
> > Which is behaviour chroot preserves properly.
>
> And yet it is the dot-dot entry which is used to access files outside
> the root.
>
> > The specification says explicitly
> >
> > "The process working directory is unaffected by chroot()."
>
> Do you believe that when those words were first written, the hidden
> conflict, namely that it permits dot-dot to access files outside the
> subtree, was understood? They would have said so if that were the case.
You seem to be misunderstanding what Alan is trying to say to you, if your
program calls chroot, it's working directory is unaffected. Programs that are
started in the chrooted root, will be affected.
i.e. if you run chroot in bash, the bash process's CWD is not affected and
bash can escape the chrooted root, but if you run ls .., it will not escape.
If you do not get too emotional, you tend to understand what people are trying
to say.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists