mirror of https://github.com/mkerrisk/man-pages
chroot.2: Minor fixes
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
This commit is contained in:
parent
3c4dfb62a5
commit
ba9aa794c8
|
@ -73,27 +73,29 @@ capability) may call
|
||||||
.BR chroot ().
|
.BR chroot ().
|
||||||
|
|
||||||
This call changes an ingredient in the pathname resolution process
|
This call changes an ingredient in the pathname resolution process
|
||||||
and does nothing else. In particular, it is not intended to be used
|
and does nothing else.
|
||||||
|
In particular, it is not intended to be used
|
||||||
for any kind of security purpose, neither to fully sandbox a process nor
|
for any kind of security purpose, neither to fully sandbox a process nor
|
||||||
to restrict filesystem syscalls. In the past,
|
to restrict filesystem system calls.
|
||||||
|
In the past,
|
||||||
.BR chroot ()
|
.BR chroot ()
|
||||||
has been used by daemons to restrict themselves prior to passing paths
|
has been used by daemons to restrict themselves prior to passing paths
|
||||||
supplied by untrusted users into syscalls like
|
supplied by untrusted users to system calls such as
|
||||||
.BR open (2).
|
.BR open (2).
|
||||||
However, if a folder is moved out of the chroot directory, an attacker
|
However, if a folder is moved out of the chroot directory, an attacker
|
||||||
can exploit that to get out of the chroot directory as well. The easiest
|
can exploit that to get out of the chroot directory as well.
|
||||||
way to do that is to
|
The easiest way to do that is to
|
||||||
.BR chdir (2)
|
.BR chdir (2)
|
||||||
to the to-be-moved directory, wait for it to be moved out, then open a
|
to the to-be-moved directory, wait for it to be moved out, then open a
|
||||||
path like ../../../etc/passwd.
|
path like ../../../etc/passwd.
|
||||||
|
|
||||||
|
|
||||||
.\" This is how the "slightly trickier variation" works:
|
.\" This is how the "slightly trickier variation" works:
|
||||||
.\" https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-014-2015.txt#L142
|
.\" https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-014-2015.txt#L142
|
||||||
A slightly
|
A slightly
|
||||||
trickier variation also works under some circumstances if
|
trickier variation also works under some circumstances if
|
||||||
.BR chdir (2)
|
.BR chdir (2)
|
||||||
is not permitted. If a daemon allows a "chroot directory" to be specified,
|
is not permitted.
|
||||||
|
If a daemon allows a "chroot directory" to be specified,
|
||||||
that usually means that if you want to prevent remote users from accessing
|
that usually means that if you want to prevent remote users from accessing
|
||||||
files outside the chroot directory, you must ensure that folders are never
|
files outside the chroot directory, you must ensure that folders are never
|
||||||
moved out of it.
|
moved out of it.
|
||||||
|
|
Loading…
Reference in New Issue