lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 27 Sep 2007 02:01:37 +0200
From:	Adrian Bunk <bunk@...nel.org>
To:	David Newall <david@...idnewall.com>
Cc:	Christer Weinigel <christer@...nigel.se>,
	Al Viro <viro@....linux.org.uk>,
	Phillip Susi <psusi@....rr.com>,
	Bill Davidsen <davidsen@....com>, majkls <majkls@...pere.com>,
	linux-kernel@...r.kernel.org
Subject: Re: sys_chroot+sys_fchdir Fix

On Thu, Sep 27, 2007 at 09:05:33AM +0930, David Newall wrote:
> Adrian Bunk wrote:
>> You are claiming "They went so far as to say that dot-dot wouldn't let you 
>> out"?
>>   
>
> I phrased it in a somewhat conversational way.  The promise, which I've now 
> quoted from multiple sources, is expressed variously, including:
>> The dot-dot entry in the root directory is interpreted to mean the root 
>> directory itself. Thus, dot-dot cannot be used to access files outside the 
>> subtree rooted at the root directory.

You claimed:

<--  snip  -->

Look, when chroot was being designed, I think they intended that even root 
should be unable to get out. They went so far as to say that dot-dot 
wouldn't let you out; and it doesn't.

<--  snip  -->

You were clearly saying that whom you call "they" were the people who 
designed chroot. And it was you who was claiming in this statement that
"they" said it.

The OpenBSD manpage you quoted in this thread states chroot() was added 
in 4.2BSD, and 4.2BSD was released in 1983.

You should therefore either bring a source where the people who designed 
chroot() in 1983 or earlier are stating what you claim they said or 
admit that you were talking utter bullshit.

cu
Adrian

-- 

       "Is there not promise of rain?" Ling Tan asked suddenly out
        of the darkness. There had been need of rain for many days.
       "Only a promise," Lao Er said.
                                       Pearl S. Buck - Dragon Seed

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ