Re: more thoughts on a new jail() system call

David Wagner (daw@mozart.cs.berkeley.edu)
19 Jul 2002 03:23:04 GMT

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Brad Hards: "Re: USB Keypad"
Previous message: Greg KH: "Re: USB Keypad"
Maybe in reply to: Shaya Potter: "more thoughts on a new jail() system call"

Albert D. Cahalan wrote:
>>> sys_olduname) - P
>>
>> I'd argue that this should be restricted, on general
>> principles. (General principle: A jailed process shouldn't
>> be able to learn anything about the host it's running on.)
>
>Learning this info is easy enough without a syscall.
>You only cause trouble for legit usage.

Ok. To be clear, I consider this minor and probably
unimportant for security, hence just allowing this is
probably reasonable.

That said, is it really true that you can learn the
hostname and the like without a syscall? How?

>No, sys_getcwd will return info based on your current root.
>After chroot and all, your "/" is the top of your jail.

Ahh, I feel stupid for overlooking that. You're
absolutely right. Thanks for the correction.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Brad Hards: "Re: USB Keypad"
Previous message: Greg KH: "Re: USB Keypad"
Maybe in reply to: Shaya Potter: "more thoughts on a new jail() system call"