kernel-packages team mailing list archive

[Serge Hallyn <1377267@xxxxxxxxxxxxxxxxxx>]

Public bug reported:

After doing a pivot_root, it should not be possible to use the standard
well-known 'chroot escape' technique to escape back to the host root.
However, Andrey Vagin found that on 14.04 that is in fact possible, if
you first chroot.

In 14.10, this is NOT possible.

I've uploaded testscripts under
http://people.canonical.com/~serge/chrootintoslave .  Download the cis.*
from there into a home directory in a clean vm, make them all
executable, and run "./cis.maintest".

I posted a similar set of scripts (just tweaking how the chroot+chdir
are done after pivot_root) in
http://people.canonical.com/~serge/chrootintoslave.2 - those have the
same results on my system.

** Affects: linux (Ubuntu)
     Importance: Undecided
         Status: Incomplete


** Tags: trusty

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1377267

Title:
  On trusty I can break out of pivot_root chroot

Status in “linux” package in Ubuntu:
  Incomplete

Bug description:
  After doing a pivot_root, it should not be possible to use the
  standard well-known 'chroot escape' technique to escape back to the
  host root.  However, Andrey Vagin found that on 14.04 that is in fact
  possible, if you first chroot.

  In 14.10, this is NOT possible.

  I've uploaded testscripts under
  http://people.canonical.com/~serge/chrootintoslave .  Download the
  cis.* from there into a home directory in a clean vm, make them all
  executable, and run "./cis.maintest".

  I posted a similar set of scripts (just tweaking how the chroot+chdir
  are done after pivot_root) in
  http://people.canonical.com/~serge/chrootintoslave.2 - those have the
  same results on my system.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1377267/+subscriptions