Message-ID: <46F93EAF.20706@prepere.com>
Date: Tue, 25 Sep 2007 19:00:31 +0200
From: Miloslav Semler
To: Jan Engelhardt
CC: serge@hallyn.com, davidsen@tmr.com, philipp@marek.priv.at, 7eggert@gmx.de, alan@lxorguk.ukuu.org.uk, linux-kernel@vger.kernel.org
Subject: Re: Chroot bug

>> This does not help. Let's try:
>> chroot somewhere
>> mkdir foo
>> fd = open /
>> chroot foo
>
> ('fd' implicitly closed and chdir to /foo)

Really? Try it. I am sure that this works. You can create a directory in
the chroot and break the chroot by this. fd is not closed, because Linux
doesn't close descriptors in the chroot syscall. This can be done every
time if you have CAP_SYS_CHROOT.

>> fchdir fd
>
> -EINVAL
>
>> chdir ".."
>
> /../ => /
>
>> ....
>> chdir ".."
>> chroot "."
>> so you are in root.
>
> so we remain in chroot.
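
The sequence discussed in this message depends on two conditions it names: a directory descriptor that stays open across chroot, and CAP_SYS_CHROOT. The following is an added example, not code from the thread or the kernel tree, of a jail-entry routine that removes both; the function names `close_dir_fds` and `enter_jail` are hypothetical, and default securebits are assumed so that leaving uid 0 clears capabilities.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE            /* chroot(), setgroups() on glibc */
#endif
#include <errno.h>
#include <fcntl.h>
#include <grp.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Close every open descriptor >= lowfd that refers to a directory.
 * chroot(2) leaves descriptors open, so a directory opened before the
 * call stays reachable through fchdir(2). Returns the number closed. */
int close_dir_fds(int lowfd)
{
    long maxfd = sysconf(_SC_OPEN_MAX);
    int closed = 0;
    if (maxfd < 0 || maxfd > (1L << 20))
        maxfd = 1L << 20;          /* bound the scan; higher fds are not checked */
    for (int fd = lowfd; fd < maxfd; fd++) {
        struct stat st;
        if (fstat(fd, &st) == 0 && S_ISDIR(st.st_mode) && close(fd) == 0)
            closed++;
    }
    return closed;
}

/* Enter the jail at dir, then drop to an unprivileged uid/gid so the
 * process no longer holds CAP_SYS_CHROOT. Returns 0, or -1 with errno. */
int enter_jail(const char *dir, uid_t uid, gid_t gid)
{
    if (uid == 0) { errno = EINVAL; return -1; }   /* root could chroot again */
    if (chdir(dir) != 0 || chroot(".") != 0)        /* cwd is inside the new root */
        return -1;
    close_dir_fds(0);
    if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    if (setuid(0) == 0) { errno = EPERM; return -1; } /* drop must be permanent */
    return 0;
}

int main(void)
{
    int leaked = open("/", O_RDONLY | O_DIRECTORY);  /* constructed stale fd */
    printf("opened fd %d, closed %d directory fd(s)\n", leaked, close_dir_fds(leaked));
    return 0;
}
```
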