RE: [PATCH v2 1/1] fs: Allow no_new_privs tasks to call chroot(2)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Subject: RE: [PATCH v2 1/1] fs: Allow no_new_privs tasks to call chroot(2)
From: David Laight <David.Laight@xxxxxxxxxx>
Date: Thu, 11 Mar 2021 09:45:43 +0000
Accept-language: en-GB, en-US
Cc: Al Viro <viro@xxxxxxxxxxxxxxxxxx>, James Morris <jmorris@xxxxxxxxx>, Serge Hallyn <serge@xxxxxxxxxx>, Andy Lutomirski <luto@xxxxxxxxxxxxxx>, Casey Schaufler <casey@xxxxxxxxxxxxxxxx>, Christian Brauner <christian.brauner@xxxxxxxxxx>, Christoph Hellwig <hch@xxxxxx>, David Howells <dhowells@xxxxxxxxxx>, Dominik Brodowski <linux@xxxxxxxxxxxxxxxxxxxx>, "John Johansen" <john.johansen@xxxxxxxxxxxxx>, Kees Cook <keescook@xxxxxxxxxxxx>, Kentaro Takeda <takedakn@xxxxxxxxxxxxx>, Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx>, "kernel-hardening@xxxxxxxxxxxxxxxxxx" <kernel-hardening@xxxxxxxxxxxxxxxxxx>, "linux-fsdevel@xxxxxxxxxxxxxxx" <linux-fsdevel@xxxxxxxxxxxxxxx>, "linux-kernel@xxxxxxxxxxxxxxx" <linux-kernel@xxxxxxxxxxxxxxx>, "linux-security-module@xxxxxxxxxxxxxxx" <linux-security-module@xxxxxxxxxxxxxxx>, Mickaël Salaün <mic@xxxxxxxxxxxxxxxxxxx>
Delivered-to: mailing list kernel-hardening@xxxxxxxxxxxxxxxxxx
In-reply-to: <m17dmeq0co.fsf@fess.ebiederm.org>
Mailing-list: contact kernel-hardening-help@xxxxxxxxxxxxxxxxxx; run by ezmlm
Thread-index: AQHXFeMKfWlhWd9Z4UmL5GfL4v4dzap+ifLA
Thread-topic: [PATCH v2 1/1] fs: Allow no_new_privs tasks to call chroot(2)

From: Eric W. Biederman
> Sent: 10 March 2021 19:24
...
> The actual classic chroot escape is.
> chdir("/");
> chroot("/somedir");
> chdir("../../../..");

That one is easily checked.

I thought something like:
chroot("/somedir");
chdir("/somepath");

Friendly process:
mvdir("/somedir/some_path", "/bar");

was the actual escape?

	David

-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)

References:
- [PATCH v2 0/1] Unprivileged chroot
  - From: Mickaël Salaün
- [PATCH v2 1/1] fs: Allow no_new_privs tasks to call chroot(2)
  - From: Mickaël Salaün
- Re: [PATCH v2 1/1] fs: Allow no_new_privs tasks to call chroot(2)
  - From: Eric W. Biederman

Prev by Date: Re: [PATCH v5 1/7] mm: Restore init_on_* static branch defaults
Next by Date: Re: [PATCH v2 1/1] fs: Allow no_new_privs tasks to call chroot(2)
Previous by thread: Re: [PATCH v2 1/1] fs: Allow no_new_privs tasks to call chroot(2)
Next by thread: [PATCH v3 0/1] Unprivileged chroot
Index(es):
- Date
- Thread

[Index of Archives] [Linux Samsung SoC] [Linux Rockchip SoC] [Linux Actions SoC] [Linux for Synopsys ARC Processors] [Linux NFS] [Linux NILFS] [Linux USB Devel] [Video for Linux] [Linux Audio Users] [Yosemite News] [Linux Kernel] [Linux SCSI]