kernel-packages team mailing list archive

Thread
Date

[Bug 1377267] Re: On trusty I can break out of pivot_root chroot

To: kernel-packages@xxxxxxxxxxxxxxxxxxx
From: Serge Hallyn <1377267@xxxxxxxxxxxxxxxxxx>
Date: Fri, 03 Oct 2014 18:28:39 -0000
Reply-to: Bug 1377267 <1377267@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

12.04 fails the same way.

Note again that this is only in the case where we chroot before we
pivot_root.  This is done in lxc in the case where we find / is on a
ramfs, which a special case usually on android systems.

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1377267

Title:
  On trusty I can break out of pivot_root chroot

Status in “linux” package in Ubuntu:
  Incomplete

Bug description:
  After doing a pivot_root, it should not be possible to use the
  standard well-known 'chroot escape' technique to escape back to the
  host root.  However, Andrey Vagin found that on 14.04 that is in fact
  possible, if you first chroot.

  In 14.10, this is NOT possible.

  I've uploaded testscripts under
  http://people.canonical.com/~serge/chrootintoslave .  Download the
  cis.* from there into a home directory in a clean vm, make them all
  executable, and run "./cis.maintest".

  I posted a similar set of scripts (just tweaking how the chroot+chdir
  are done after pivot_root) in
  http://people.canonical.com/~serge/chrootintoslave.2 - those have the
  same results on my system.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1377267/+subscriptions

References

[Bug 1377267] [NEW] On trusty I can break out of pivot_root chroot
From: Serge Hallyn, 2014-10-03