Re: [RFC][PATCH-2.4] Prevent mounting on ".."

Arjan van de Ven (arjanv@redhat.com)
29 Jun 2003 16:09:40 +0200


On Sun, 2003-06-29 at 15:09, Willy TARREAU wrote:
> Hi Al and Marcelo,
>
> while I was trying to get maximum restrictions on a chroot on 2.4.21-pre,
> I found that it's always possible to mount a ramfs or a tmpfs on "..",
> and then upload whatever I wanted in it. It's a shame because I was
> trying to isolate network daemons inside empty, read-only file-systems,
> and I discovered that this effort was worthless. To resume, imagine a
> network daemon which does:

well...
you need to be root to mount. If you're root you can break out of a
chroot anyway....
