Fwd: Fwd: Getting path in inode_permission

noyb noybee afzalulh at gmail.com
Wed Feb 11 16:49:46 EST 2015


On Thu, Feb 12, 2015 at 2:07 AM,  <Valdis.Kletnieks at vt.edu> wrote:
> On Thu, 12 Feb 2015 00:31:45 +0530, noyb noybee said:
>
>> I was planning that the calling process would call the new system call
>> which would return a pseudo-random key that is used as the
>> pass-phrase.
>
> So what prevents malicious code from doing a fork and then calling the
> new syscall to get its own pseudo-random key to use as a passphrase?
Well, any program which has root credentials is still allowed to call
chroot(it needs to get a new passphrase before) but not any program
with root credentials can exit it. The passphrase last generated(and
still unused) will be used as the passphrase for a chroot system
call(both needed to be called by the same processes, ofc). Once a
passphrase is used for a chroot system call, it is never
returned(pseudo-random) again.



More information about the Kernelnewbies mailing list