From: Alex Lyashkov (shadow_at_psoft.net)
Date: Fri 26 Mar 2004 - 04:18:32 GMT
Hi Herbert
> recent patches (like 0.09.25) use the following code,
> which at least has one bug you mention:
I can't find these patches on the web.
>
> ...
> old_ns = current->namespace;
> old_fs = current->fs;
> get_namespace(vxi->vx_namespace);
> current->namespace = vxi->vx_namespace;
> current->fs = copy_fs_struct(vxi->vx_fs);
It is not needed. See fs/open.c:sys_chroot & fs/namespace.c:chroot_fs_refs.
> put_namespace(old_ns);
> put_fs_struct(old_fs);
> ...
But I need to lock the task before entering migrate and unlock it after.
>
>
> > ===
> > Second bug: you must adjust 'root' && 'altroot' && pwd and the task->fs
> > struct. If you do not do it, it creates a security hole.
> > For how to do it, see
> > namespace.c:chroot_fs_refs and open.c:sys_chroot.
>
> do you think the approach above isn't sufficient,
> regarding root and altroot, what security hole
> do you see?
>
> > i think this references will help you fix code.
>
With copy_fs_struct there is no hole. Without it there is a hole.
Please analyze the situation when I call this syscall without chroot and
that program has been attacked from a VPS.
--
Alex Lyashkov <shadow_at_psoft.net>
PSoft
_______________________________________________
Vserver mailing list
Vserver_at_list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver