So? chdir around and you'll get to the covering directory.
> > If attacker can mount of chroot - you've LOST. Already. End of story.
>
> To me, it seems this is the *only* remaining case in an *empty* read-only
> directory. The fact is that the attacker needs at least a mount point to mount
> something. Not providing him one is efficient, but here he can only exploit
> "..".
>
> Please reconsider the question, Al, because I really think that with this, we
> can get reliable jails for network daemons which don't need file access at all.
Sigh... We _can't_ do that via chroot(). Please, stop fooling yourself -
if attacker gets control over root process, the fight is over. In particular,
attacker can chmod your read-only directory and/or remount the thing.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/