From: Alex Lyashkov (shadow_at_psoft.net)
Date: Wed 24 Mar 2004 - 16:22:09 GMT
Hi Herbert
I downloaded your experimental code from
http://vserver.13thfloor.at/Experimental/ns01
and see you added 2 bugs in the namespace switch code.
Your function
===============
int vc_enter_namespace(uint32_t id, void *data)
{
	struct vx_info *vxi;
	struct namespace *old_ns;

	if (!vx_check(0, VX_ADMIN))
		return -ENOSYS;
	vxi = find_vx_info(id);
	if (!vxi)
		return -ESRCH;
	if (!vxi->vx_namespace)
		goto out_put;
	old_ns = current->namespace;
	get_namespace(vxi->vx_namespace);
	current->namespace = vxi->vx_namespace;
	put_namespace(old_ns);
out_put:
	put_vx_info(vxi);
	return 0;
}
=============
Well...
First bug: you _must_ lock the task before the namespace switch.
See include/linux/namespace.h for example namespace switch code.
static inline void exit_namespace(struct task_struct *p)
{
	struct namespace *namespace = p->namespace;
	if (namespace) {
		task_lock(p);
		p->namespace = NULL;
		task_unlock(p);
		put_namespace(namespace);
	}
}
===
Second bug: you must adjust 'root' && 'altroot' && pwd and the task->fs
struct. If you do not do it, it creates a security hole.
For how to do it, see
namespace.c:chroot_fs_refs and open.c:sys_chroot.
I think these references will help you fix the code.
--
Alex Lyashkov <shadow_at_psoft.net>
PSoft
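The two points raised in the mail, as an added example that is not part of the original message or of the vserver code: a user-space C model in which `struct ns`, `struct task`, `enter_ns_as_posted`, `enter_ns_fixed` and `stale_fs_refs` are hypothetical stand-ins, and each fs path is reduced to a pointer at the namespace it lives in.

```c
#include <stdatomic.h>
#include <stddef.h>

/* User-space stand-ins (assumptions of this example), not kernel types. */
struct ns { atomic_int refs; };
struct task {
    atomic_flag lock;                 /* models task_lock()/task_unlock() */
    struct ns *ns;                    /* models task->namespace */
    struct ns *root, *pwd, *altroot;  /* models root/pwd/altroot in task->fs */
};

static void get_ns(struct ns *n) { atomic_fetch_add(&n->refs, 1); }
static void put_ns(struct ns *n) { if (n) atomic_fetch_sub(&n->refs, 1); }
static void lock_task(struct task *t)
{
    while (atomic_flag_test_and_set(&t->lock)) { /* spin */ }
}
static void unlock_task(struct task *t) { atomic_flag_clear(&t->lock); }

/* Pattern of the quoted function: pointer swapped without the task lock,
 * fs paths left pointing into the namespace the task has just left. */
void enter_ns_as_posted(struct task *t, struct ns *target)
{
    struct ns *old = t->ns;
    get_ns(target);
    t->ns = target;
    put_ns(old);
}

/* Same switch with both points from the mail applied. */
void enter_ns_fixed(struct task *t, struct ns *target)
{
    struct ns *old;
    get_ns(target);               /* hold the new namespace before publishing it */
    lock_task(t);
    old = t->ns;
    t->ns = target;
    t->root = t->pwd = target;    /* model: re-point root and pwd */
    t->altroot = NULL;            /* model: drop the stale altroot */
    unlock_task(t);
    put_ns(old);                  /* release after unlock, as exit_namespace() does */
}

/* Number of fs paths still referring to a namespace the task is no longer in. */
int stale_fs_refs(const struct task *t)
{
    return (t->root != t->ns) + (t->pwd != t->ns)
         + (t->altroot != NULL && t->altroot != t->ns);
}
```

A non-zero `stale_fs_refs()` after the switch is the condition the second point warns about: the task's paths still resolve in the namespace it was supposed to leave.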