On Thu, Feb 12, 2015 at 3:44 AM, <Valdis.Kletnieks@xxxxxx> wrote:
> And if you're using the passphrase for the chroot() call *itself*, you
> have an even bigger problem - whatever access that passphrase adds is now
> available *anywhere inside the chroot*.
>
> So all I need to do is find a way to exploit the chroot, and now I have
> access to resources outside the chroot. At which point your security
> scheme is *totally* broken.

You are right. Even on adding the passphrase, if the original program that executed chroot is exploitable (which my solution tried to take into account), it could still access the passphrase and we would be back at square one.

> How about you concentrate on "how were they able to access files outside
> the chroot in the first place"?

So, closing all open file descriptors that are outside the new root directory + changing the CWD + blocking any mounts.

_______________________________________________
Kernelnewbies mailing list
Kernelnewbies@xxxxxxxxxxxxxxxxx
http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
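The three steps named at the end of the reply (close inherited descriptors, fix the working directory, take away the ability to mount or chroot again), written out as an added example; this is not code from either poster. The uid/gid parameters and the unprivileged-user fallback are assumptions, and closing descriptors by walking up to sysconf(_SC_OPEN_MAX) is one portable way to do it, not the only one.

```c
#define _DEFAULT_SOURCE 1
#include <errno.h>
#include <fcntl.h>
#include <grp.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>

/* Close every descriptor above max_keep so that no handle to a file or
 * directory outside the new root survives into the jail (an open directory
 * fd is the classic way back out). Returns how many descriptors were closed. */
int close_fds_above(int max_keep) {
    long limit = sysconf(_SC_OPEN_MAX);
    if (limit < 0) limit = 1024;            /* assumption: fallback when the limit is unknown */
    int closed = 0;
    for (int fd = max_keep + 1; fd < limit; fd++)
        if (close(fd) == 0) closed++;
    return closed;
}

/* 1 if fd refers to an open descriptor, 0 if it has been closed. */
int fd_is_open(int fd) {
    return fcntl(fd, F_GETFD) != -1;
}

/* Enter new_root and give up the means of leaving it. Order matters:
 *   chdir() first so the CWD is already inside the jail,
 *   chroot(".") then chdir("/") so no relative path can point above the root,
 *   drop inherited descriptors,
 *   drop root last, which removes mount(2) and a second chroot(2) as escape routes.
 * Returns 0 on success, -1 on any failure (errno is left set by the failing call). */
int enter_chroot(const char *new_root, uid_t uid, gid_t gid) {
    if (chdir(new_root) != 0) return -1;
    if (chroot(".") != 0) return -1;
    if (chdir("/") != 0) return -1;
    close_fds_above(STDERR_FILENO);
    /* Supplementary groups, then gid, then uid: uid goes last because
     * changing the others still needs the privilege we are giving up. */
    if (setgroups(0, NULL) != 0) return -1;
    if (setgid(gid) != 0 || setuid(uid) != 0) return -1;
    /* Verify the drop actually stuck: regaining root must now fail. */
    if (setuid(0) == 0) return -1;
    return 0;
}
```

Without root the chroot() call itself fails and the function reports -1, so the descriptor-closing step is the part you can exercise as an ordinary user.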