From: Martin Josefsson (
Date: Thu Jan 24 2002 - 07:10:04 EST

On Thu, 24 Jan 2002, Nick Craig-Wood wrote:

> > > This code can break out of a chroot in Linux kernel
> > > 2.4.18-pre3-ac2:
> This surely must be a kernel bug?
> > > chdir("../bin");
> So why on earth should this work? I can see why it does! Surely that
> is the bug we should be working on? I expect there is some
> implication in speed terms in checking cwd vs root, but it need only
> happen if root != "/" && root != cwd surely which won't slow the rest
> of the kernel down.

If I understand things correctly, this is how most unices work. They forget
the old root when chroot is called, and if we have a reference to a
directory above the root there's nothing we can't do.

> [snip]
> > Someone told me the forcing the chdir right in the chroot system call
> > was breaking posix compatibility and it was bad. There is apparently
> > a big thread on linux kernel mailing list about this. I have not seen it
> > but I was told that the end argument was that fixing chroot was a big
> > can of worm...
> Here is part of a recent thread...
> And a comment from Alan Cox who is saying that you can't allow chroot
> in a chroot if you want to be secure.

Disallowing chroot altogether if run in a chroot, or limiting it like
FreeBSD does, is probably a good idea.

The grsecurity patch has some code to detect if we are calling certain
system calls inside a chroot.

Maybe an integration of various parts of grsecurity into vserver would be a
good idea? At least the various chroot stuff.


