From: Jacques Gelinas (jack_at_solucorp.qc.ca)
Date: Tue 05 Feb 2002 - 18:51:50 GMT
On Tue, 5 Feb 2002 18:52:49 -0500, edward_at_paradigm4.com.au wrote
> I still don't understand why we need chmod 0 tricks.
> Isn't the following good enough?
>
> /* chroot call - still leaves the cwd pointing outside vserver */
> if(chroot(root_dir)) { perror("chroot failed"); exit(1); }
> /* fix the cwd */
> if(chdir("/")) { perror("chdir failed"); exit(1); }
> /* it should be safe at this point, right? */
> /* and of course, now you can also */
> /* drop the CAP_SYS_CHROOT for the truly paranoid */
>
The problem is not the first chroot (the one used to "enter" the vserver). The
problem is doing a second chroot while keeping the current directory behind.
Once the chroot is done, you are free to do chdir(".."). Since the test is performed
only if the current directory == the process root directory, chdir("..") works and lets
you out of the original vserver root directory.
Note that using the dcache in Linux, it is possible to tell very efficiently if
a chdir("..") yields outside a process root. We can compare directory paths
directly. So fixing chroot is possible.
But I needed a way to fix the issue once and for all. Not everyone on the kernel
mailing list agrees that chroot has to be fixed. My one-line fix does not change chroot.
For sure, you can drop CAP_SYS_CHROOT, but some services may stop working.
---------------------------------------------------------
Jacques Gelinas <jack_at_solucorp.qc.ca>
vserver: run general purpose virtual servers on one box, full speed!
http://www.solucorp.qc.ca/miscprj/s_context.hc
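As an added illustration (not code from this thread or from vserver), here is the "enter" sequence from Edward's snippet extended with the two checks this discussion calls for: verifying that "." and ".." really are the new root once chdir("/") has run, and dropping CAP_SYS_CHROOT so that a second chroot() is no longer possible. It assumes Linux, root (or CAP_SYS_ADMIN plus CAP_SETPCAP) to run enter_jail(), and the function names are my own.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <unistd.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <sys/prctl.h>
#include <linux/capability.h>

/* 1 if path is the same directory as the process root "/", 0 if not, -1 on stat() error. */
static int dir_is_process_root(const char *path)
{
    struct stat root, here;
    if (stat("/", &root) != 0 || stat(path, &here) != 0)
        return -1;
    return root.st_dev == here.st_dev && root.st_ino == here.st_ino;
}

/* Clear CAP_SYS_CHROOT from the effective/permitted/inheritable sets and from the
 * bounding set, so neither this process nor anything it execs can chroot() again. */
static int drop_cap_sys_chroot(void)
{
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct data[2];
    unsigned idx = CAP_TO_INDEX(CAP_SYS_CHROOT), mask = CAP_TO_MASK(CAP_SYS_CHROOT);
    if (syscall(SYS_capget, &hdr, data) != 0)
        return -1;
    data[idx].effective &= ~mask;
    data[idx].permitted &= ~mask;
    data[idx].inheritable &= ~mask;
    if (syscall(SYS_capset, &hdr, data) != 0)
        return -1;
    /* the bounding-set drop needs CAP_SETPCAP; root normally has it */
    return prctl(PR_CAPBSET_DROP, CAP_SYS_CHROOT, 0, 0, 0);
}

/* Enter root_dir as in Edward's snippet, then check that "." and ".." are the new
 * root (a cwd left outside would let chdir("..") walk out) and forbid a second chroot. */
static int enter_jail(const char *root_dir)
{
    if (chroot(root_dir) != 0 || chdir("/") != 0) { perror("chroot/chdir"); return -1; }
    if (dir_is_process_root(".") != 1 || dir_is_process_root("..") != 1) {
        fprintf(stderr, "cwd is not the new root\n"); return -1;
    }
    if (drop_cap_sys_chroot() != 0) { perror("dropping CAP_SYS_CHROOT"); return -1; }
    return 0;
}

int main(int argc, char **argv)
{
    return (argc == 2 && enter_jail(argv[1]) == 0) ? 0 : 1;
}
```

The stat()-based comparison is the same idea Jacques mentions for the dcache check, done from user space: at the process root, ".." resolves to the root itself, so both lookups must land on the same device/inode pair.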