Re: can chroot be made safe for non-root?

Jesse Pollard (pollard@admin.navo.hpc.mil)
Tue, 22 Oct 2002 10:42:29 -0500

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Martin Josefsson: "Re: can chroot be made safe for non-root?"
Previous message: Patrick Mansfield: "Re: [PATCH] scsi_error device offline fix"

On Saturday 19 October 2002 12:44 pm, Eric Buddington wrote:
> On Tue, Oct 15, 2002 at 11:44:32PM -0700, Philippe Troin wrote:
> > > Would it be reasonable to allow non-root processes to chroot(), if the
> > > chroot syscall also changed the cwd for non-root processes?
> >
> > No.
> >
> > fd = open("/", O_RDONLY);
> > chroot("/tmp");
> > fchdir(fd);
> >
> > and you're out of the chroot.
>
> I see. From my aesthetic, it would make sense for chroots to 'stack',
> such that once a directory is made the root directory, its '..' entry
> *always* points to itself, even after another chroot(). That would
> prevent the above break (you could be outside the new root, but you
> still couldn't back out past the old root), though perhaps at an
> unacceptable in complexity.

That isn't relevent - the fchdir(fd) doesn't use a path. It doesn't matter
what is done to the ".." entry. fd is referring to an OPEN file id. The
chdir goes to the file id, bypassing any path name evaluation.

-- ------------------------------------------------------------------------- Jesse I Pollard, II Email: pollard@navo.hpc.mil

Any opinions expressed are solely my own. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/

Next message: Martin Josefsson: "Re: can chroot be made safe for non-root?"
Previous message: Patrick Mansfield: "Re: [PATCH] scsi_error device offline fix"