Message-ID: <46FC5381.409@davidnewall.com>
Date:	Fri, 28 Sep 2007 10:36:09 +0930
From:	David Newall <david@...idnewall.com>
To:	Bill Davidsen <davidsen@....com>
CC:	Theodore Tso <tytso@....edu>,
	Christer Weinigel <christer@...nigel.se>,
	Al Viro <viro@....linux.org.uk>,
	Phillip Susi <psusi@....rr.com>, majkls <majkls@...pere.com>,
	bunk@...tum.de, linux-kernel@...r.kernel.org
Subject: Re: sys_chroot+sys_fchdir Fix

Bill Davidsen wrote: 
> It seems there are (at least) two parts to this, one regarding 
> changing working directory which is clearly stated in the standards 
> and must work as it does, and the various issues regarding getting out 
> of the chroot after the cwd has entered that changed root. That second 
> part seems to offer room for additional controls on getting out of the 
> chroot which do not violate any of the obvious standards, and which 
> therefore might be valid candidates for discussion on the basis of 
> benefit rather than portability.

Correct.  BSDs solved the problem by changing cwd on subsequent use of 
chroot; I think there's a better way.  I think the solution might be to 
add a "previous root", and restrict the process there as well as the new 
root.  That is, once cwd is set within the new root, that new root is 
the limit.  Prior to setting cwd within the new root, the previous root 
is the limit.
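One reading of the "previous root" rule proposed in the message above, written as a toy model. This is an added example, not code from the thread or from the kernel. The struct, the function names and the /srv/jail paths are constructed for illustration, and the model assumes normalized paths with no symlinks, mounts or open directory descriptors.

```c
#include <stdio.h>
#include <string.h>

/* Toy model (assumption): normalized absolute paths, no symlinks or mounts. */
struct proc {
    char root[64], prev_root[64], cwd[64];
    int entered; /* 1 once cwd has been set within root */
};

/* 1 if path is dir itself or lies beneath it. */
static int within(const char *path, const char *dir) {
    size_t n = strlen(dir);
    return !strcmp(dir, "/") || (!strncmp(path, dir, n) && (path[n] == '/' || !path[n]));
}

/* The boundary ".." may not cross under the proposed rule. */
const char *limit(const struct proc *p) { return p->entered ? p->root : p->prev_root; }

/* chroot(): the limit in force becomes the previous root; cwd is untouched. */
void model_chroot(struct proc *p, const char *newroot) {
    char old[64];
    strcpy(old, limit(p));      /* temp copy: limit() may alias prev_root */
    strcpy(p->prev_root, old);
    strcpy(p->root, newroot);
    p->entered = within(p->cwd, p->root);
}

/* chdir("/"): cwd is now set within the new root. */
void model_chdir_root(struct proc *p) { strcpy(p->cwd, p->root); p->entered = 1; }

/* chdir(".."): never step above the current limit. */
void model_chdir_up(struct proc *p) {
    char *slash = strrchr(p->cwd, '/');
    if (!strcmp(p->cwd, limit(p))) return;
    if (slash == p->cwd) slash[1] = '\0'; else *slash = '\0';
}

/* Constructed scenario: process confined to /srv/jail chroots again, then walks up. */
const char *scenario(int enter_first) {
    static struct proc p;
    p = (struct proc){ "/srv/jail", "/srv/jail", "/srv/jail/home/u", 1 };
    model_chroot(&p, "/srv/jail/sub");
    if (enter_first) model_chdir_root(&p);
    for (int i = 0; i < 5; i++) model_chdir_up(&p);
    return p.cwd;
}

int main(void) { puts(scenario(0)); puts(scenario(1)); return 0; }
```

With `enter_first` set to 0 the walk stops at `/srv/jail`, the previous root; with 1 it stops at `/srv/jail/sub`, the new root.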