> Likely because its a chroot vulnerability. > > It allows a process to obtain a reference to the root vfsmount that > doesn't have chroot checks performed on it. > > Consider the following pseudo example: > [...] > > if main is run within a chroot where it's "/" is on the same vfsmount as > it's "..", then the application can step out of the chroot using clone(2). > > Note: using chdir in a vfsmount outside of your namespace works, however > you won't be able to walk off that vfsmount (to its parent or children).
How about fixing fchdir, so it checks whether you gone outside the tree under current->fs->rootmnt? Should be fairly easy to do. Miklos - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
