tech-security archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: security implications: ptyfs + mount_null + chroot
In article <20120329211648.GB1256%yamaha.dberg.net@localhost>,
Dave B <spam%y2012.dberg.net@localhost> wrote:
>** The short version:
>
> What security implications are there of doing a "null" mount of
>/dev/pts on to directory that will be used under a chroot'ed
>environment? How easily, if at all, could the resulting access to
>ptys which might have been opened in the parent environment be a
>vulnerability?
>
> In addition, how iron-clad is chroot now considered to be anyway?
It will not work. I believe that there is code there to prevent more than
one mount, but initially when I wrote it I was planning to allow multiple
mounts that displayed only the ptys that were associated with processes
that had visibility to that root. It would be a fun project to do; it is
not too hard.
christos
Home |
Main Index |
Thread Index |
Old Index