On Fri, 2018-01-05 at 21:42 +1030, David Newall wrote: > On 05/01/18 20:06, Jakub Jelen wrote: > > if the confined user has write access to the chroot directory, > > there are ways how to get out, gain privileges and or do other > > nasty things. > > I'm not inexperienced with UNIX and unix-like operating systems (30+ > years), and I can't think what these ways are. Although clearly > off-topic, I wonder if you could expound on this? I am not experienced to be able to demonstrate all of the cases, but there might be others who are. But clearly, the description of the CVE 2009-2904 [1] talks about attack vector with hardlinks and suid programs. Though I didn't investigate it further. [1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2904 Regards, -- Jakub Jelen Software Engineer Security Technologies Red Hat, Inc. _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
