On Thu 09 Jul 2015 at 00:27:18 +0200, Rhialto wrote:
> That seems like an inconsistency that we may
> want to avoid due to the POLA.

I may even see an escape from a chroot:

1. process gets chrooted to /altroot
2. it cds into, say, tmp
3. outside, somebody mounts a new system on top of /altroot
4. the process' root gets fixed, but not its cwd
5. cwd is now not inside its root, so successive "cd .." escapes to the
   real root.

I gave it a quick try with "pkg_comp chroot", the shell it starts, and
mounting an install usb stick on top and it didn't work immediately.

What I saw in practice with an "ls" after point 4 was "ls: fts_read:
operation not permitted" so there is some detail that prevents the exact
scenario that I tried. But it doesn't seem to be in mount_checkdirs().
It could be something /bin/sh does.

___ Olaf 'Rhialto' Seibert  -- The Doctor: No, 'eureka' is Greek for
\X/ rhialto/at/xs4all.nl    -- 'this bath is too hot.'
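
The condition in step 5 above, a cwd that is no longer below the process root, can be checked from inside the process. The following is an added example, not part of the original message and not NetBSD code: it follows ".." upward from a directory and reports whether the given root is ever met. `dir_is_under` is a hypothetical helper name; a chrooted process would call it with "/" and "." and treat a result of 0 as the state described in step 5.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>

static int same_dir(const struct stat *a, const struct stat *b)
{
    return a->st_dev == b->st_dev && a->st_ino == b->st_ino;
}

/* Hypothetical helper for this example. Returns 1 if dir is root or lies
 * below it, 0 if following ".." from dir reaches the top of the visible
 * tree without meeting root, -1 on error. */
int dir_is_under(const char *root, const char *dir)
{
    struct stat want, cur, up;
    int fd, parent, result = -1;
    if (stat(root, &want) == -1)
        return -1;
    if ((fd = open(dir, O_RDONLY | O_DIRECTORY)) == -1)
        return -1;
    if (fstat(fd, &cur) == -1)
        goto out;
    for (;;) {
        if (same_dir(&cur, &want)) {    /* met the root: contained */
            result = 1;
            break;
        }
        if ((parent = openat(fd, "..", O_RDONLY | O_DIRECTORY)) == -1)
            break;
        close(fd);
        fd = parent;
        if (fstat(fd, &up) == -1)
            break;
        if (same_dir(&up, &cur)) {      /* ".." is itself: top, root never met */
            result = 0;
            break;
        }
        cur = up;
    }
out:
    close(fd);
    return result;
}

int main(void)
{
    return dir_is_under("/", ".") == 1 ? 0 : 1;  /* exit 0: cwd is inside root */
}
```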
