I'm trying to understand the function in order to make a nestable chroot (first step of making chroot actually secure). The concept would be that we have a linked list of chroot points off of the task_struct. If my hunch is correct, only the first case of follow_dotdot has to do with chroot, and therefore the code would be simple: if (current->chroot) (i.e. the chroot list isn't null, therefore there is a chroot), then test the current dir against all chroot points. This way, even if you bring an fd in with you into a chroot, you will only be able to get as far as the previous chroot, so you couldn't do the standard

    int fd = open("/"); chroot("/tmp"); fchdir(fd);

to break out. Of course there are other things uid 0 can do, but this is a first step. So the question is, did I understand follow_dotdot correctly?

--
Kernelnewbies: Help each other learn about the Linux kernel.
Archive: http://mail.nl.linux.org/kernelnewbies/
FAQ: http://kernelnewbies.org/faq/
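A user-space model of the check the post proposes, added here as an example (it is not the poster's code and not kernel code): the task carries its chroot points outermost first, and a ".." step is fenced at the innermost point that contains the current directory, so a directory fd carried in from before the inner chroot gets no further than the outer one. The names task_model, path_within, dotdot_model and the /jail paths are constructed for this example.

```c
#include <stdio.h>
#include <string.h>
/* Constructed user-space model of the post's idea (not kernel code): the chroot
 * points a task has passed through, outermost first, as normalized absolute paths. */
#define MAX_ROOTS 8
struct task_model { const char *roots[MAX_ROOTS]; int nroots; };
/* Sample tasks: one that did chroot("/jail") and then chroot("/tmp") inside it,
 * and one with no chroot in effect. */
static const struct task_model nested_jail = { { "/jail", "/jail/tmp" }, 2 };
static const struct task_model no_jail = { { NULL }, 0 };
/* True if path is root or lies below it, component-wise ("/jail/tmpx" is not
 * inside "/jail/tmp"). */
static int path_within(const char *path, const char *root)
{
    size_t n = strlen(root);
    if (strcmp(root, "/") == 0)
        return 1;
    return strncmp(path, root, n) == 0 && (path[n] == '\0' || path[n] == '/');
}
/* One ".." step from cwd. Rather than comparing only against fs->root (the
 * first case of follow_dotdot), every chroot point containing cwd is a fence
 * and the innermost wins, so ".." never crosses it. May return a static buffer. */
static const char *dotdot_model(const struct task_model *t, const char *cwd)
{
    static char out[256];
    const char *fence = "/";
    const char *slash;
    int i;
    for (i = 0; i < t->nroots; i++)
        if (path_within(cwd, t->roots[i]))
            fence = t->roots[i];       /* later entries are inner */
    if (strcmp(cwd, fence) == 0)
        return fence;                  /* at a root already: ".." stays */
    slash = strrchr(cwd, '/');
    if (slash == cwd)
        return "/";                    /* "/x" -> "/" */
    snprintf(out, sizeof out, "%.*s", (int)(slash - cwd), cwd);
    return out;
}
int main(void)
{
    /* fd opened at "/" (really /jail) before chroot("/tmp"), then fchdir(fd): cwd
     * is /jail, outside the inner root, yet ".." cannot leave the outer one. */
    printf("%s\n", dotdot_model(&nested_jail, "/jail"));       /* /jail */
    printf("%s\n", dotdot_model(&nested_jail, "/jail/tmp/a")); /* /jail/tmp */
    return 0;
}
```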