[jesse]
> 1.  Your server closes all open directory file descriptors and chroots.
> 2.  Someone manages to run some exploit code in your process space which--

  mkdir("foo")
  chroot("foo")
  chdir("../../../../../../../../../..")
  chroot(".")

  mkdir proc
  mount -t proc none proc
  cd proc/1/cwd

Two easy "get out of jail free" cards.  There are other, more complex
exploits.  You have added one more.  They all require root privileges.

Bottom line: once you are in the chroot jail, you must drop root
privileges, or you defeat the purpose.  Security-conscious coders know
this; it's not Linux-specific behavior or anything.

Peter
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
Please read the FAQ at http://www.tux.org/lkml/

Reply via email to