Re: Chroot bug (was: sys_chroot+sys_fchdir Fix)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sep 26 2007 00:40, David Newall wrote:
>
> Miloslav Semler pointed out that a root process can chdir("..") out of its
> chroot.  Although this is documented in the man page, it conflicts with the
> essential function, which is to change the root directory of the process.  In
> addition to any creative uses, for example Philipp Marek's loading dynamic
> libraries, it seems clear that the prime purpose of chroot is to aid security.
> Being able to cd your way out is handy for the bad guys, but the good guys
> don't need it; there are a thousand better, safer solutions.

So what? Just do this: chdir into the root after chroot.

It won't conform to SVR4/4.4BSD anymore, but hey, let Linux set some
sane standard ain't bad either. I doubt anyone really relies on the
fact that after chroot, your cwd might be outside the root.

Signed-off-by: Jan Engelhardt <[email protected]>

---
 fs/open.c |    1 +
 1 file changed, 1 insertion(+)

Index: linux-2.6.23/fs/open.c
===================================================================
--- linux-2.6.23.orig/fs/open.c
+++ linux-2.6.23/fs/open.c
@@ -547,6 +547,7 @@ asmlinkage long sys_chroot(const char __
 
 	set_fs_root(current->fs, nd.mnt, nd.dentry);
 	set_fs_altroot();
+	set_fs_pwd(current->fs, nd.mnt, nd.dentry);
 	error = 0;
 dput_and_out:
 	path_release(&nd);
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux