Hi!
> > Two easy "get out of jail free" cards. There are other, more complex
> > exploits. You have added one more. They all require root privileges.
>
> Actually, I've heard that a chrooted _non-root_ process can find another
> process with the same uid that's not chrooted and can ptrace() to pull
> itself out of the jail.
Right. Once you have same uid as someone else, you have basically his
privileges if you choose to.
> I'd imagine dropping CAP_SYS_PTRACE would avoid this, though.
Pardon me, but CAP_SYS_PTRACE is not required for tracing processes of
same UID.
Pavel
--
I'm [EMAIL PROTECTED] "In my country we have almost anarchy and I don't care."
Panos Katsaloulis describing me w.r.t. patents at [EMAIL PROTECTED]
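A host-side audit for the exposure discussed in this thread, added here as an example and not part of the original messages: it lists chrooted non-root processes whose uid is also in use by a process outside any chroot. It assumes it is run as root from the host's own root directory, and it compares only the real uid, which is a simplification of the kernel's ptrace permission check; the function names and sample data are constructed for illustration.

```python
import os

def scan_proc(proc="/proc"):
    """Collect (pid, real uid, root dir) for every process readable from here.
    Processes that exit mid-scan or cannot be read are skipped."""
    out = []
    for name in os.listdir(proc):
        if not name.isdigit():
            continue
        try:
            root = os.readlink(f"{proc}/{name}/root")
            with open(f"{proc}/{name}/status") as fh:
                # "Uid:" line holds real, effective, saved and fs uid; take real.
                uid = next(int(l.split()[1]) for l in fh if l.startswith("Uid:"))
        except (OSError, StopIteration):
            continue
        out.append((int(name), uid, root))
    return out

def exposed_jails(procs):
    """Map each jailed non-root pid to the unjailed pids sharing its uid.
    Root-owned jails are left out: the thread already treats root as able
    to leave a chroot by other means."""
    procs = list(procs)
    unjailed = {}
    for pid, uid, root in procs:
        if root == "/":
            unjailed.setdefault(uid, []).append(pid)
    return {pid: sorted(unjailed[uid])
            for pid, uid, root in procs
            if root != "/" and uid != 0 and uid in unjailed}

SAMPLE = [  # constructed sample, not real data
    (101, 33, "/"),              # daemon as uid 33, not jailed
    (202, 33, "/srv/jail"),      # jailed worker reusing uid 33
    (303, 1001, "/srv/jail2"),   # jailed, uid not used outside the jail
    (404, 0, "/srv/jail"),       # jailed root process, not reported
    (505, 33, "/"),              # second unjailed process as uid 33
]

if __name__ == "__main__":
    for pid, peers in exposed_jails(scan_proc()).items():
        print(f"jailed pid {pid} shares its uid with unjailed pids {peers}")
```

A jail whose uid is used nowhere else on the host, like pid 303 in the sample, produces no finding.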