On Thu, Nov 16, 2000 at 11:52:49AM -0800, jesse wrote:
> On Thu, Nov 16, 2000 at 05:16:18PM +0100, Andrea Arcangeli wrote:
> > On Thu, Nov 16, 2000 at 03:07:04PM +0100, Matthias Andree wrote:
> > > It shows a program that saves the cwd -- open(".",...) in an open file,
> > > then chroots [..]
> >
> > This is known behaviour (I know Alan knows about it too), solution is to close
> > open directories filedescriptors before chrooting.
> >
> > Everything that happens before chroot(2) is trusted, so it's secure to rely
> > on it to close directories first.
> >
> > If this is not well documented and people doesn't know about it and so they
> > writes unsafe code that's another issue...
>
> But the problem is because you can call chroot when you're already chrooted.
Only if you're root. There are other ways to break out of a
chroot() if you're root too.
Kurt
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
Please read the FAQ at http://www.tux.org/lkml/
