> > Two easy "get out of jail free" cards. There are other, more complex
> > exploits. You have added one more. They all require root privileges.
>
> Actually, I've heard that a chrooted _non-root_ process can find another
> process with the same uid that's not chrooted and can ptrace() to pull
> itself out of the jail.
Right. Once you have same uid as someone else, you have basically his
priviledges if you chooseto.
> I'd imagine dropping CAP_SYS_PTRACE would avoid this, though.
Pardon me, but CAP_SYS_PTRACE is not required for tracing processes of
same UID.
Pavel
-- I'm pavel@ucw.cz. "In my country we have almost anarchy and I don't care." Panos Katsaloulis describing me w.r.t. patents at discuss@linmodems.org - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org Please read the FAQ at http://www.tux.org/lkml/