https://bugzilla.mindrot.org/show_bug.cgi?id=3715
Darren Tucker <[email protected]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |[email protected]

--- Comment #3 from Darren Tucker <[email protected]> ---
(In reply to Joshua Hudson from comment #2)
> Why is nodev (to be) required? It's not like an external filesystem;
> the user can't *make* devices.

No, but they *can* create new hardlinks to existing devices on the same filesystem (this example is OpenBSD, but I'd expect the same on most systems where /dev is not a separate mount point):

$ id
uid=1000(builder) gid=1000(builder) groups=1000(builder)
$ mount
/dev/sd0a on / type ffs (local, wxallowed)
$ ln /dev/null ~/null
$ ls -ld . ~/null
drwxr-xr-x  3 builder  builder  512 Jul 31 10:12 .
crw-rw-rw-  2 root     wheel   2, 2 Jul 31 10:10 /home/builder/null
$ echo foo >~/null
$

(In reply to Joshua Hudson from comment #2)
> It may have been; but I jumped back a few versions and found the
> original state was don't check permissions on the chroot directory.

Depending on how far back you went, but in the realm of "decade old" you may have been reintroducing CVE-2009-2904 (https://bugzilla.redhat.com/show_bug.cgi?id=522141).
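A defender-side check for the condition described in the comment above, as an added example that is not part of the bug thread or of OpenSSH: it parses `mount` output to see whether the filesystem holding a directory carries `nodev`, and walks a tree for character or block device nodes such as the hard-linked `~/null`. The second sample mount line and all function names are assumptions made for illustration.

```python
import os
import re
import stat

# Constructed sample: line 1 is the mount line from the comment above,
# line 2 is an assumed separate /home mount that carries nodev.
SAMPLE_MOUNT = """\
/dev/sd0a on / type ffs (local, wxallowed)
/dev/sd0k on /home type ffs (local, nodev, nosuid)
"""
MOUNT_RE = re.compile(r"^(\S+) on (\S+) type (\S+) \(([^)]*)\)$")

def parse_mounts(text):
    """Return {mount_point: set(options)} from `mount` output."""
    mounts = {}
    for line in text.splitlines():
        m = MOUNT_RE.match(line.strip())
        if m:
            mounts[m.group(2)] = {o.strip() for o in m.group(4).split(",")}
    return mounts

def mount_point_for(path, mounts):
    """Longest mount point that is a whole-component prefix of path."""
    path, best = os.path.normpath(path), None
    for mp in mounts:
        if mp == "/" or path == mp or path.startswith(mp + "/"):
            if best is None or len(mp) > len(best):
                best = mp
    return best

def has_nodev(path, mounts):
    """True only if the filesystem containing path is mounted nodev."""
    mp = mount_point_for(path, mounts)
    return mp is not None and "nodev" in mounts[mp]

def is_device_mode(mode):
    # Character and block special files are what nodev neutralises.
    return stat.S_ISCHR(mode) or stat.S_ISBLK(mode)

def find_device_nodes(root):
    """Walk root without following symlinks; list device nodes found."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for p in (os.path.join(dirpath, n) for n in files):
            if is_device_mode(os.lstat(p).st_mode):
                hits.append(p)
    return hits
```

Feeding it the real output of `mount` and a candidate chroot path shows both whether `nodev` is missing and whether any device node has already been linked into the tree.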
