Subject: Re: chroot jail for ftpd
To: Jason R Thorpe <firstname.lastname@example.org>
From: Andrew Brown <email@example.com>
Date: 10/18/2001 18:20:31
> > Setting LD_LIBRARY_PATH to point to a writable filesystem, and putting
> > a "trojan" shared library there, gives any user a trivial way to break
> > out of the sandboxes. Thor is asking to close that loophole.
>Right, I know that one ... attached is a patch which should fix it.
>+ if ((prot & PROT_EXEC) != 0 &&
>+ (vp->v_mount->mnt_flag & MNT_NOEXEC) != 0)
>+ return (EACCES);
correct me if i'm wrong, but can't we also add
(VTOI(vp)->i_ffs_mode & (S_IXUSR | S_IXGRP | S_XOTH)) != 0
to that to do what thor was asking about? hmm...perhaps that kind of
construct is verbotten in this part of the kernel...
|-----< "CODE WARRIOR" >-----|
firstname.lastname@example.org * "ah! i see you have the internet
email@example.com (Andrew Brown) that goes *ping*!"
firstname.lastname@example.org * "information is power -- share the wealth."