Subject: Re: openat(2) and friends
To: None <tech-kern@netbsd.org>
From: Steinar Hamre <steinarh@pvv.ntnu.no>
List: tech-kern
Date: 03/09/2005 10:18:25
Steinar Hamre <steinarh@pvv.ntnu.no> writes:

> 2. rename() of directories inside the chroot to the outside. (worse)
>    (collaborator on the outside "needed".)

Hmm... I can't see how the current scheme (the checks in fchdir(2) and
fchroot(2)) denies this. Consider:

chrooted process:
mkdir("/tmp/foo");
chmod("/tmp/foo", 0777);
mkdir("/tmp/foo/bar");
chdir("/tmp/foo/bar");

outside process (collaborator):
rename("/chroot/tmp/foo/bar", "/tmp/bar");

chrooted process:
open("../../etc/passwd"); # or whatever

(assumes a /chroot/tmp with standard permissions.)
(assumes /chroot/tmp and /tmp on same fs; yet another reason for mfs)

        Steinar