Fwd: Fwd: Getting path in inode_permission
afzalulh at gmail.com
Thu Feb 12 13:11:18 EST 2015
On Thu, Feb 12, 2015 at 3:44 AM, <Valdis.Kletnieks at vt.edu> wrote:
> And if you're using the passphrase for the chroot() call *itself*, you
> have an even bigger problem - whatever access that passphrase adds is now
> available *anywhere inside the chroot*.
> So all I need to do is find a way to exploit the chroot, and now I have
> access to resources outside the chroot. At which point your security
> scheme is *totally* broken.
You are right. Even on adding the passphrase, if the original program
that executed chroot is exploitable (which my solution tried to take
into account), it could still access the passphrase and we would be
back at square one.
> How about you concentrate on "how were they able to access files outside
> the chroot in the first place"?
So, closing all open file descriptors that are outside the new root
directory + changing the CWD + blocking any mounts.
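The steps listed above (close stray descriptors, fix the CWD, make further mounts and chroots impossible), as an added Linux C example that is not code from the thread; `enter_chroot` and the uid/gid it drops to are my own assumptions, not the poster's program:

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Close every descriptor above keep_max (0-2 survive when keep_max == 2),
 * so no inherited fd still refers to a file outside the new root.
 * Returns how many descriptors were actually closed. */
int close_fds_above(int keep_max) {
    long limit = sysconf(_SC_OPEN_MAX);
    if (limit < 0) limit = 1024;            /* conservative fallback */
    int closed = 0;
    for (int fd = keep_max + 1; fd < limit; fd++)
        if (close(fd) == 0) closed++;
    return closed;
}

/* 1 if fd is still a valid descriptor, 0 if it has been closed. */
int fd_is_open(int fd) { return fcntl(fd, F_GETFD) != -1; }

/* Enter the chroot in the order that removes the classic escape routes:
 * stray fds closed, chdir into the root *before* chroot, chdir("/") after
 * it so the CWD cannot point outside, then drop root so mount(2) and a
 * second chroot(2) (CAP_SYS_ADMIN / CAP_SYS_CHROOT) are no longer possible.
 * Returns 0 on success, -1 on any failure (caller must abort, not continue). */
int enter_chroot(const char *root, uid_t uid, gid_t gid) {
    close_fds_above(2);
    if (chdir(root) != 0 || chroot(root) != 0 || chdir("/") != 0) return -1;
    if (setgroups(0, NULL) != 0) return -1;
    if (setgid(gid) != 0 || setuid(uid) != 0) return -1;
    /* Refuse to run if privileges can still be regained (uid 0 passed in,
     * or setuid silently kept root): a root process can always leave a chroot. */
    if (setuid(0) == 0) return -1;
    return 0;
}

/* Self-check without needing root: open a constructed fd above 2 and
 * confirm close_fds_above() really removes it. Returns 1 on success. */
int demo_close_fds(void) {
    int fd = open("/dev/null", O_RDONLY);
    if (fd < 0) return -1;
    int was_open = fd_is_open(fd);
    int n = close_fds_above(2);
    return (was_open && n >= 1 && !fd_is_open(fd)) ? 1 : 0;
}

int main(int argc, char **argv) {
    if (argc < 4) { fprintf(stderr, "usage: %s root uid gid\n", argv[0]); return 2; }
    if (enter_chroot(argv[1], (uid_t)atoi(argv[2]), (gid_t)atoi(argv[3])) != 0) {
        perror("enter_chroot"); return 1;
    }
    return execl("/bin/sh", "sh", (char *)NULL) == -1 ? 1 : 0;
}
```

Run as root with a real root directory and an unprivileged uid/gid; `demo_close_fds` exercises only the descriptor-closing step and works without privileges.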