[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <1363784025-23870-4-git-send-email-tchwella@mit.edu>
Date: Wed, 20 Mar 2013 05:53:45 -0700
From: Tal Tchwella <tal.tchwella@...il.com>
To: linux-kernel@...r.kernel.org
Cc: tchwella@....edu
Subject: [PATCH 3/3] open fds check when starting chroot
This patch checks for open fds to directories when a non-root user tries to chroot,
and does not allow that user to chroot if the application has an open fd to a directory
because the appilcation has an escape path with that fd.
Signed-off-by: Tal Tchwella <tchwella@....edu>
---
fs/open.c | 24 ++++++++++++++++++++++++
1 file changed, 24 insertions(+)
diff --git a/fs/open.c b/fs/open.c
index 82832d8..6dc6443 100644
--- a/fs/open.c
+++ b/fs/open.c
@@ -426,6 +426,30 @@ SYSCALL_DEFINE1(chroot, const char __user *, filename)
{
struct path path;
int error;
+ struct files_struct *current_files;
+ struct fdtable *files_table;
+ int i = 0;
+
+ error = -EPERM;
+ /*
+ * Checks to see if there are open file descriptors to directories
+ * when a user that does not have the chroot capability
+ * tries to chroot. Since chroot is availble to all users,
+ * want to eliminate ways to break out. The second part
+ * of the if statement, is true by default,
+ * since during the initilization of the kernel, it
+ * goes into chroot mode.
+ */
+ if (!capable(CAP_SYS_CHROOT) && current->user_chroot != CHROOT_INIT) {
+ current_files = current->files;
+ files_table = files_fdtable(current_files);
+ while (files_table->fd[i] != NULL) {
+ if (S_ISDIR(files_table->fd[i]->
+ f_dentry->d_inode->i_mode))
+ goto out;
+ i++;
+ }
+ }
error = user_path_dir(filename, &path);
if (error)
--
1.7.9.5
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists