[jesse]
> 1. Your server closes all open directory file descriptors and chroots.
> 2. Someone manages to run some exploit code in your process space which--
mkdir("foo")
chroot("foo")
chdir("../../../../../../../../../..")
chroot(".")
mkdir proc
mount -t proc none proc
cd proc/1/cwd
Two easy "get out of jail free" cards. There are other, more complex
exploits. You have added one more. They all require root privileges.
Bottom line: once you are in the chroot jail, you must drop root
privileges, or you defeat the purpose. Security-conscious coders know
this; it's not Linux-specific behavior or anything.
Peter
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
Please read the FAQ at http://www.tux.org/lkml/
