Re: sys_chroot+sys_fchdir Fix

On Wed, 19 Sep 2007 09:19:50 +0200
majkls <[email protected]> wrote:

> Hello,
> here is an fix to an exploit (obtained somewhere in internet). This 
> exploit can workaround chroot with CAP_SYS_CHROOT. It is also possible 
> (with sufficient filedescriptor (if there is na directory fd opened in 
> root) workaround chroot with sys_fchdir. This patch fixes it.


If you have the ability to use chroot() you are root. If you are root you
can walk happily out of any chroot by a thousand other means.

Alan
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Follow-Ups:
- Re: sys_chroot+sys_fchdir Fix
  - From: Bill Davidsen <[email protected]>

References:
- sys_chroot+sys_fchdir Fix
  - From: majkls <[email protected]>

Prev by Date: 2.6.23-rc6-mm1 -- powerpc link failure
Next by Date: 2.6.23-rc6-mm1 -- powerpc pSeries_log_error panic in rtas_call/early_enable_eeh
Previous by thread: sys_chroot+sys_fchdir Fix
Next by thread: Re: sys_chroot+sys_fchdir Fix
Index(es):
- Date
- Thread

[Index of Archives] [Kernel Newbies] [Netfilter] [Bugtraq] [Photo] [Stuff] [Gimp] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Video 4 Linux] [Linux for the blind] [Linux Resources]