lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 5 Aug 2019 20:36:30 +1000
From:   Aleksa Sarai <asarai@...e.de>
To:     "Michael Kerrisk (man-pages)" <mtk.manpages@...il.com>
Cc:     "Serge E. Hallyn" <serge@...lyn.com>,
        linux-man <linux-man@...r.kernel.org>,
        Containers <containers@...ts.linux-foundation.org>,
        lkml <linux-kernel@...r.kernel.org>,
        Andy Lutomirski <luto@...capital.net>,
        Jordan Ogas <jogas@...l.gov>, Al Viro <viro@....linux.org.uk>
Subject: Re: pivot_root(".", ".") and the fchdir() dance

On 2019-08-01, Michael Kerrisk (man-pages) <mtk.manpages@...il.com> wrote:
> I'd like to add some documentation about the pivot_root(".", ".")
> idea, but I have a doubt/question. In the lxc_pivot_root() code we
> have these steps
> 
>         oldroot = open("/", O_DIRECTORY | O_RDONLY | O_CLOEXEC);
>         newroot = open(rootfs, O_DIRECTORY | O_RDONLY | O_CLOEXEC);
> 
>         fchdir(newroot);
>         pivot_root(".", ".");
> 
>         fchdir(oldroot);      // ****

This one is "required" because (as the pivot_root(2) man page states),
it's technically not guaranteed by the kernel that the process's cwd
will be the same after pivot_root(2):

> pivot_root() may or may not change the current root and the current
> working directory of any processes or threads which use the old root
> directory.

Now, if it turns out that we can rely on the current behaviour (and the
man page you're improving is actually inaccurate on this point) then
you're right that this fchdir(2) isn't required.

>         mount("", ".", "", MS_SLAVE | MS_REC, NULL);
>         umount2(".", MNT_DETACH);

>         fchdir(newroot);      // ****

And this one is required because we are in @oldroot at this point, due
to the first fchdir(2). If we don't have the first one, then switching
from "." to "/" in the mount/umount2 calls should fix the issue.

We do something very similar to this in runc as well[1] (though, as the
commit message says, I "borrowed" the idea from LXC).

[1]: https://github.com/opencontainers/runc/commit/f8e6b5af5e120ab7599885bd13a932d970ccc748

-- 
Aleksa Sarai
Senior Software Engineer (Containers)
SUSE Linux GmbH
<https://www.cyphar.com/>

Download attachment "signature.asc" of type "application/pgp-signature" (834 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ