Not sure if this should be Private security or Public yet. I'll mark it as Private for now.
** Changed in: linux (Ubuntu) Importance: Undecided => High ** Tags added: kernel-da-key ** Information type changed from Public to Private Security -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1377267 Title: On trusty I can break out of pivot_root chroot Status in “linux” package in Ubuntu: Triaged Bug description: After doing a pivot_root, it should not be possible to use the standard well-known 'chroot escape' technique to escape back to the host root. However, Andrey Vagin found that on 14.04 that is in fact possible, if you first chroot. In 14.10, this is NOT possible. I've uploaded testscripts under http://people.canonical.com/~serge/chrootintoslave . Download the cis.* from there into a home directory in a clean vm, make them all executable, and run "./cis.maintest". I posted a similar set of scripts (just tweaking how the chroot+chdir are done after pivot_root) in http://people.canonical.com/~serge/chrootintoslave.2 - those have the same results on my system. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1377267/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
