The Savannah Compromise - what really happened?
Posted Jan 2, 2004 5:20 UTC (Fri) by spotter
In reply to: The Savannah Compromise - what really happened?
Parent article: The Savannah Compromise - what really happened?
what does root mean? it means that when you do a ".." it goes to "." instead of the parent directory.
now imagine you are able to call chroot, you can change your "root" to a directory below you. now, any directory you are in is not the root, so ".." will go to the parent of that directory instead of going to "." and therefore you have broken out of the chroot.
I've looked at 2 simple ways around this.
1) every process should have a list of chroot/root points (instead of just one) and whene ever you hit one o those points ".."->"." I broached this idea to the l-k list a year or 2 ago, but people weren't really interested. probably have my code for it lying around somewhere.
2) have a filesystem that is aware of chroots, and doesn't let a process walk past any chroot point. since file system's don't know about chroot(), would also need to wrap the chroot() syscall in code that set up the appropriate data structures for the fs. this works because even though ".." links to the parent directory, if the filesystem's permission() function prevents any process (even roots) from walking past a directory, the process is effectively chained in. somewhat of a hack, but it works fine, have code that implements this too.
to post comments)