Re: Chroot bug — Linux Kernel

> >>> The dot-dot entry in the root directory is interpreted to mean the 
> >>> root directory itself. Thus, dot-dot cannot be used to access files 
> >>> outside the subtree rooted at the root directory.
> >>>       
> >
> > Which is behaviour chroot preserves properly.
> >   
> And yet it is the dot-dot entry which is used to access files outside 
> the root.

Read it again, and read all the words. Notably "the dot-dot entry *IN*
the root directory". When your current directory is above your root
directory you do not pass through that dot-dot entry.

> Do you believe that when those words were first written, the hidden 
> conflict, namely that it permits dot-dot to access files outside the 
> subtree, was understood?  

Yes. You need to remember the notion of chroot for "security" is a very
new one, and not one that it was designed for. Which as I've said twice
now is why things like vserver and BSD jails have evolved.

Alan
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

References:
- Re: sys_chroot+sys_fchdir Fix
  - From: "Philipp Marek" <[email protected]>
- Re: sys_chroot+sys_fchdir Fix
  - From: David Newall <[email protected]>
- Re: sys_chroot+sys_fchdir Fix
  - From: Philipp Marek <[email protected]>
- Re: sys_chroot+sys_fchdir Fix
  - From: David Newall <[email protected]>
- Re: sys_chroot+sys_fchdir Fix
  - From: Bill Davidsen <[email protected]>
- Re: sys_chroot+sys_fchdir Fix
  - From: David Newall <[email protected]>
- Re: sys_chroot+sys_fchdir Fix
  - From: "Serge E. Hallyn" <[email protected]>
- Re: sys_chroot+sys_fchdir Fix
  - From: David Newall <[email protected]>
- Re: sys_chroot+sys_fchdir Fix
  - From: "Serge E. Hallyn" <[email protected]>
- Re: sys_chroot+sys_fchdir Fix
  - From: David Newall <[email protected]>
- Re: sys_chroot+sys_fchdir Fix
  - From: "Serge E. Hallyn" <[email protected]>
- Re: sys_chroot+sys_fchdir Fix
  - From: David Newall <[email protected]>
- Chroot bug (was: sys_chroot+sys_fchdir Fix)
  - From: David Newall <[email protected]>
- Re: Chroot bug (was: sys_chroot+sys_fchdir Fix)
  - From: Alan Cox <[email protected]>
- Re: Chroot bug
  - From: David Newall <[email protected]>
- Re: Chroot bug
  - From: Alan Cox <[email protected]>
- Re: Chroot bug
  - From: David Newall <[email protected]>
- Re: Chroot bug
  - From: Alan Cox <[email protected]>
- Re: Chroot bug
  - From: David Newall <[email protected]>
- Re: Chroot bug
  - From: Alan Cox <[email protected]>
- Re: Chroot bug
  - From: David Newall <[email protected]>

Prev by Date: [patch/backport] CFS scheduler, -v22, for v2.6.23-rc8, v2.6.22.8, v2.6.21.7, v2.6.20.20
Next by Date: Re: sys_chroot+sys_fchdir Fix
Previous by thread: Re: Chroot bug
Next by thread: Re: Chroot bug
Index(es):
- Date
- Thread

[Index of Archives] [Kernel Newbies] [Netfilter] [Bugtraq] [Photo] [Stuff] [Gimp] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Video 4 Linux] [Linux for the blind] [Linux Resources]