NetBSD-Bugs archive


Re: kern/54947: chroot mount file systems leak the actual path in superblock



The following reply was made to PR kern/54947; it has been noted by GNATS.

From: Frank Kardel <kardel%netbsd.org@localhost>
To: gnats-bugs%netbsd.org@localhost
Cc: 
Subject: Re: kern/54947: chroot mount file systems leak the actual path in
 superblock
Date: Sat, 8 Feb 2020 18:19:04 +0100

 Yes, it is "just" an information leak. We found it while quick testing 
 sysinst from a chroot environment.
 
 sysinst gets confused in this case - see PR/54944.
 
 We might put that on the long list of information leaks we are plugging.
 
 Frank
 
 
 On 02/08/20 17:30, Christos Zoulas wrote:
 > The following reply was made to PR kern/54947; it has been noted by GNATS.
 >
 > From: Christos Zoulas <christos%zoulas.com@localhost>
 > To: gnats-bugs%netbsd.org@localhost
 > Cc: kern-bug-people%netbsd.org@localhost,
 >   gnats-admin%netbsd.org@localhost,
 >   netbsd-bugs%netbsd.org@localhost
 > Subject: Re: kern/54947: chroot mount file systems leak the actual path in
 >   superblock
 > Date: Sat, 8 Feb 2020 11:27:40 -0500
 >
 >   
 >   1. There is nothing to be done about it; the part is recorded inside the superblock.
 >   2. One should not be making device nodes with access to physical devices in the chroot.
 >       Getting the path from the superblock is the least of the concerns if you give root access
 >       inside a chroot...
 >   3. This is purely an information leak. The same can happen if you plug in a usb fob that
 >       has a filesystem on it, and the information you get on it is not very useful.
 >   
 >   christos
 >   
 >   
 

