tech-security archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: security implications: ptyfs + mount_null + chroot



On Fri, Mar 30, 2012 at 12:11:40AM +0000, Christos Zoulas wrote:
> In article <20120329211648.GB1256%yamaha.dberg.net@localhost>,
> Dave B  <spam%y2012.dberg.net@localhost> wrote:
> >** The short version:
> >
> >  What security implications are there of doing a "null" mount of
> >/dev/pts on to directory that will be used under a chroot'ed
> >environment?  How easily, if at all, could the resulting access to
> >ptys which might have been opened in the parent environment be a
> >vulnerability?
> >
> >  In addition, how iron-clad is chroot now considered to be anyway?
> 
> It will not work. I believe that there is code there to prevent more than
> one mount, but initially when I wrote it I was planning to allow multiple
> mounts that displayed only the ptys that were associated with processes
> that had visibility to that root. It would be a fun project to do; it is
> not too hard.

It does work, but it doesn't give any visibility "protection" with
regard to chroots. Big part of the problem is that there is no real way
to associate a chroot and /dev/pts...

Joerg


Home | Main Index | Thread Index | Old Index