Date: Wed, 26 Sep 2007 12:38:33 +0100
From: Alan Cox
To: David Newall
Cc: Al Viro, Phillip Susi, Bill Davidsen, majkls, bunk@fs.tum.de, linux-kernel@vger.kernel.org
Subject: Re: sys_chroot+sys_fchdir Fix
Message-ID: <20070926123833.2ed598af@the-village.bc.nu>
In-Reply-To: <46FA40F3.8010306@davidnewall.com>

> I've made no error. The documentation says what it says, and what it
> doesn't say, other than for Linux, is that there is an unspecified way
> of breaking out.

Now see I've been working on Unix systems since 1988 or so and in that
time I've learned to read the documentation properly (you haven't) and
I've also done security work on a pile of systems. Your assumptions and
your whole mental model of this are horribly broken.

> If you're so keen on trying things, then I challenge you to try it on,
> oh, say, BSD, and then admit your error. (Such hostile words.)

FreeBSD isn't a Unix system, and isn't compliant to the spec. It's also
still trivial to get out of a FreeBSD chroot using things like ptrace.

FreeBSD jails on the other hand do what you confusedly seem to think
should happen with chroot. They are separate precisely because they are
different.

Alan