← Back to team overview

kernel-packages team mailing list archive

[Bug 1377267] Re: On trusty I can break out of pivot_root chroot

 

** Changed in: linux (Ubuntu)
       Status: Incomplete => Triaged

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1377267

Title:
  On trusty I can break out of pivot_root chroot

Status in “linux” package in Ubuntu:
  Triaged

Bug description:
  After doing a pivot_root, it should not be possible to use the
  standard well-known 'chroot escape' technique to escape back to the
  host root.  However, Andrey Vagin found that on 14.04 that is in fact
  possible, if you first chroot.

  In 14.10, this is NOT possible.

  I've uploaded testscripts under
  http://people.canonical.com/~serge/chrootintoslave .  Download the
  cis.* from there into a home directory in a clean vm, make them all
  executable, and run "./cis.maintest".

  I posted a similar set of scripts (just tweaking how the chroot+chdir
  are done after pivot_root) in
  http://people.canonical.com/~serge/chrootintoslave.2 - those have the
  same results on my system.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1377267/+subscriptions


References