Re: Chroot bug

> >>> The dot-dot entry in the root directory is interpreted to mean the 
> >>> root directory itself. Thus, dot-dot cannot be used to access files 
> >>> outside the subtree rooted at the root directory.
> >>>       
> >
> > Which is behaviour chroot preserves properly.
> >   
> And yet it is the dot-dot entry which is used to access files outside 
> the root.

Read it again, and read all the words. Notably "the dot-dot entry *IN*
the root directory". When your current directory is above your root
directory you do not pass through that dot-dot entry.

> Do you believe that when those words were first written, the hidden 
> conflict, namely that it permits dot-dot to access files outside the 
> subtree, was understood?  

Yes. You need to remember the notion of chroot for "security" is a very
new one, and not one that it was designed for. Which as I've said twice
now is why things like vserver and BSD jails have evolved.

Alan
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

---

• References:
  • Re: sys_chroot+sys_fchdir Fix
    • From: "Philipp Marek" <[email protected]>
  • Re: sys_chroot+sys_fchdir Fix
    • From: David Newall <[email protected]>
  • Re: sys_chroot+sys_fchdir Fix
    • From: Philipp Marek <[email protected]>
  • Re: sys_chroot+sys_fchdir Fix
    • From: David Newall <[email protected]>
  • Re: sys_chroot+sys_fchdir Fix
    • From: Bill Davidsen <[email protected]>
  • Re: sys_chroot+sys_fchdir Fix
    • From: David Newall <[email protected]>
  • Re: sys_chroot+sys_fchdir Fix
    • From: "Serge E. Hallyn" <[email protected]>
  • Re: sys_chroot+sys_fchdir Fix
    • From: David Newall <[email protected]>
  • Re: sys_chroot+sys_fchdir Fix
    • From: "Serge E. Hallyn" <[email protected]>
  • Re: sys_chroot+sys_fchdir Fix
    • From: David Newall <[email protected]>
  • Re: sys_chroot+sys_fchdir Fix
    • From: "Serge E. Hallyn" <[email protected]>
  • Re: sys_chroot+sys_fchdir Fix
    • From: David Newall <[email protected]>
  • Chroot bug (was: sys_chroot+sys_fchdir Fix)
    • From: David Newall <[email protected]>
  • Re: Chroot bug (was: sys_chroot+sys_fchdir Fix)
    • From: Alan Cox <[email protected]>
  • Re: Chroot bug
    • From: David Newall <[email protected]>
  • Re: Chroot bug
    • From: Alan Cox <[email protected]>
  • Re: Chroot bug
    • From: David Newall <[email protected]>
  • Re: Chroot bug
    • From: Alan Cox <[email protected]>
  • Re: Chroot bug
    • From: David Newall <[email protected]>
  • Re: Chroot bug
    • From: Alan Cox <[email protected]>
  • Re: Chroot bug
    • From: David Newall <[email protected]>

• Prev by Date: [patch/backport] CFS scheduler, -v22, for v2.6.23-rc8, v2.6.22.8, v2.6.21.7, v2.6.20.20
• Next by Date: Re: sys_chroot+sys_fchdir Fix
• Previous by thread: Re: Chroot bug
• Next by thread: Re: Chroot bug
• Index(es):
  • Date
  • Thread

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]