* Miklos Szeredi (mszer...@redhat.com) wrote:
> While it's not possible to escape the proc filesystem through
> lo->proc_self_fd, it is possible to escape to the root of the proc
> filesystem itself through "../..".
>
> Use a temporary mount for opening lo->proc_self_fd, that has its root at
> /p
* Stefan Hajnoczi (stefa...@redhat.com) wrote:
> On Wed, Apr 29, 2020 at 02:47:33PM +0200, Miklos Szeredi wrote:
> > While it's not possible to escape the proc filesystem through
> > lo->proc_self_fd, it is possible to escape to the root of the proc
> > filesystem itself through "../..".
> >
> > U
On Wed, Apr 29, 2020 at 02:47:33PM +0200, Miklos Szeredi wrote:
> While it's not possible to escape the proc filesystem through
> lo->proc_self_fd, it is possible to escape to the root of the proc
> filesystem itself through "../..".
>
> Use a temporary mount for opening lo->proc_self_fd, that has
On Wed, Apr 29, 2020 at 5:00 PM Vivek Goyal wrote:
>
> On Wed, Apr 29, 2020 at 04:47:19PM +0200, Miklos Szeredi wrote:
> > On Wed, Apr 29, 2020 at 4:36 PM Vivek Goyal wrote:
> > >
> > > On Wed, Apr 29, 2020 at 02:47:33PM +0200, Miklos Szeredi wrote:
> > > > While it's not possible to escape the p
On Wed, Apr 29, 2020 at 04:47:19PM +0200, Miklos Szeredi wrote:
> On Wed, Apr 29, 2020 at 4:36 PM Vivek Goyal wrote:
> >
> > On Wed, Apr 29, 2020 at 02:47:33PM +0200, Miklos Szeredi wrote:
> > > While it's not possible to escape the proc filesystem through
> > > lo->proc_self_fd, it is possible to
On Wed, Apr 29, 2020 at 4:47 PM Miklos Szeredi wrote:
>
> On Wed, Apr 29, 2020 at 4:36 PM Vivek Goyal wrote:
> >
> > On Wed, Apr 29, 2020 at 02:47:33PM +0200, Miklos Szeredi wrote:
> > > While it's not possible to escape the proc filesystem through
> > > lo->proc_self_fd, it is possible to escape
On Wed, Apr 29, 2020 at 4:36 PM Vivek Goyal wrote:
>
> On Wed, Apr 29, 2020 at 02:47:33PM +0200, Miklos Szeredi wrote:
> > While it's not possible to escape the proc filesystem through
> > lo->proc_self_fd, it is possible to escape to the root of the proc
> > filesystem itself through "../..".
>
>
On Wed, Apr 29, 2020 at 02:47:33PM +0200, Miklos Szeredi wrote:
> While it's not possible to escape the proc filesystem through
> lo->proc_self_fd, it is possible to escape to the root of the proc
> filesystem itself through "../..".
Hi Miklos,
So this attack will work with some form of *at(lo->p
While it's not possible to escape the proc filesystem through
lo->proc_self_fd, it is possible to escape to the root of the proc
filesystem itself through "../..".
Use a temporary mount for opening lo->proc_self_fd, that has its root at
/proc/self/fd/, preventing access to the ancestor directorie