Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Tue, 22 Oct 2002 11:49:09 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Tue, 22 Oct 2002 11:49:08 -0400 Received: from tux.rsn.bth.se ([194.47.143.135]:59782 "EHLO tux.rsn.bth.se") by vger.kernel.org with ESMTP id ; Tue, 22 Oct 2002 11:49:07 -0400 Subject: Re: can chroot be made safe for non-root? From: Martin Josefsson To: Shaya Potter Cc: Ville Herva , Alan Cox , Linux Kernel Mailing List In-Reply-To: <1035296135.1089.35.camel@zaphod> References: <20021016015106.E30836@ma-northadams1b-3.bur.adelphia.net> <87n0pevq5r.fsf@ceramic.fifi.org> <1035213732.27259.160.camel@irongate.swansea.linux.org.uk> <20021022072132.GN147946@niksula.cs.hut.fi> <1035296135.1089.35.camel@zaphod> Content-Type: text/plain Content-Transfer-Encoding: 7bit X-Mailer: Ximian Evolution 1.0.8 Date: 22 Oct 2002 17:55:13 +0200 Message-Id: <1035302113.723.20.camel@tux> Mime-Version: 1.0 Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1771 Lines: 48 On Tue, 2002-10-22 at 16:15, Shaya Potter wrote: > from vserver patch > > diff -rc2P linux-2.4.19/fs/namei.c linux-2.4.19ctx-14/fs/namei.c > *** linux-2.4.19/fs/namei.c Tue Aug 6 15:02:24 2002 > --- linux-2.4.19ctx-14/fs/namei.c Sun Oct 13 23:58:55 2002 > *************** > *** 153,156 **** > --- 153,165 ---- > umode_t mode = inode->i_mode; > > + /* > + A dir with permission bit all 0s is a dead zone for > + process running in a vserver. By doing > + chmod 000 /vservers > + you fix the "escape from chroot" bug. > + */ > + if ((mode & 0777) == 0 > + && S_ISDIR(mode) > + && current->s_context != 0) return -EACCES; > if (mask & MAY_WRITE) { > /* > > I don't think that will work, especially as it seems vserver's dont > nest. This was just a quick and dirty fix to prevent root in a vserver from breaking out into the "real server", that's it. chroot() inside a vserver works exactly the same way as without vservers. One negative sideeffect is that root in a vserver can't access any directory with all 0s in the permission bits. But that's better than having root in a vserver being able to go out into the "real server". I'm not saying this is a very good solution but I think it at least does what it's supposed to do in a dirty way. -- /Martin Never argue with an idiot. They drag you down to their level, then beat you with experience. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/