hollow@gentoo.org (Benedikt Böhm) writes:
> With regard to the /dev/pts issue on "vserver <name> enter" I have ported
> the vlogin application from vserver-utils to util-vserver-0.30.210
Mmmh... without looking at the complete code, doing operations in the
shown order is insecure:
> + if (vc_ctx_migrate(opts.xid) == -1)
> + PEXIT("Failed to migrate to context", EXIT_COMMAND);
> + ...
> + if (chroot(".") == -1)
> + PEXIT("Failed to chroot to cwd", EXIT_COMMAND);
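Review bot: vc_ctx_migrate(opts.xid) runs before chroot("."), so for every line in between the process is already inside the context while its root directory is still the one it started with. Reorder so that chroot(".") has succeeded before the migrate is attempted, and if any of the elided lines in between depend on the old root, move them ahead of the chroot as well.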
An attacker in the context could ptrace the process between both commands and
would get access to the host's /-filesystem.
Enrico
_______________________________________________
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver