| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 28 Sep 2007 10:36:09 +0930 From: David Newall <david@...idnewall.com> To: Bill Davidsen <davidsen@....com> CC: Theodore Tso <tytso@....edu>, Christer Weinigel <christer@...nigel.se>, Al Viro <viro@....linux.org.uk>, Phillip Susi <psusi@....rr.com>, majkls <majkls@...pere.com>, bunk@...tum.de, linux-kernel@...r.kernel.org Subject: Re: sys_chroot+sys_fchdir Fix Bill Davidsen wrote: > It seems there are (at least) two parts to this, one regarding > changing working directory which is clearly stated in the standards > and must work as it does, and the various issues regarding getting out > of the chroot after the cwd has entered that changed root. That second > part seems to offer room for additional controls on getting out of the > chroot which do not violate any of the obvious standards, and which > therefore might be valid candidates for discussion on the basis of > benefit rather than portability. Correct. BSDs solved the problem by changing cwd on subsequent use of chroot; I think there's a better way. I think the solution might be to add a "previous root", and restrict the process there as well as the new root. That is, once cwd is set within the new root, that new root is the limit. Prior to setting cwd within the new root, the previous root is the limit. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists