Hi Herbert

> recent patches (like 0.09.25) use the following code,
> which at least has one bug you mention:

I can't find these patches on the web.

>
> ...
> old_ns = current->namespace;
> old_fs = current->fs;
> get_namespace(vxi->vx_namespace);
> current->namespace = vxi->vx_namespace;
> current->fs = copy_fs_struct(vxi->vx_fs);

It is not needed. See fs/open.c:sys_chroot & fs/namespace.c:chroot_fs_refs.

> put_namespace(old_ns);
> put_fs_struct(old_fs);
> ...

But I need to lock the task before entering migrate and unlock it after.

> >
> > ===
> > second bug. you must adjust 'root' && 'altroot' && pwd and task->fs
> > struct. if you do not do it, it creates a security hole.
> > For how to do it, see
> > namespace.c:chroot_fs_refs and open.c:sys_chroot.
>
> do you think the approach above isn't sufficient,
> regarding root and altroot, what security hole
> do you see?
>
> > I think these references will help you fix the code.
>

With copy_fs_struct there is no hole; without it there is a hole. Please analyze the situation when I call this syscall without chroot and that program has been attacked from a vps.

--
Alex Lyashkov <[EMAIL PROTECTED]>
PSoft
_______________________________________________
Vserver mailing list
[EMAIL PROTECTED]
http://list.linux-vserver.org/mailman/listinfo/vserver
