Re: [RFC][PATCH-2.4] Prevent mounting on ".."

Willy TARREAU (willy@w.ods.org)
Sun, 29 Jun 2003 16:24:59 +0200


On Sun, Jun 29, 2003 at 04:09:40PM +0200, Arjan van de Ven wrote:
> On Sun, 2003-06-29 at 15:09, Willy TARREAU wrote:
> > Hi Al and Marcelo,
> >
> > while I was trying to get maximum restrictions on a chroot on 2.4.21-pre,
> > I found that it's always possible to mount a ramfs or a tmpfs on "..",
> > and then upload whatever I wanted in it. It's a shame because I was
> > trying to isolate network daemons inside empty, read-only file-systems,
> > and I discovered that this effort was worthless. To resume, imagine a
> > network daemon which does :
>
> well...
> you need to be root to mount. If you're root you can break out of a
> chroot anyway....

not in all cases. for the classical "mkdir a; chroot a; chdir ..", you need a
writable directory to create "a" or an existing directory somewhere to serve
as a mount point. If neither of them is true, I don't see other means of
escaping the chroot. And here, ".." is the only one I could exploit, that's why
I proposed this patch which closes what is, to me, the only weakness in this
very particular case.

Cheers,
Willy

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/