Bug 14162
| Summary: | binfmt allows breaking out of chroots due to not respecting namespaces | | |
|---|---|---|---|
| Product: | Other | Reporter: | Oliver Grawert (ogra) |
| Component: | Modules | Assignee: | other_modules |
| Status: | CLOSED OBSOLETE | | |
| Severity: | normal | CC: | alan, lool, serge |
| Priority: | P1 | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Kernel Version: | 2.6.31 and before | Subsystem: | |
| Regression: | No | Bisected commit-id: | |
Description
Oliver Grawert
2009-09-11 13:02:52 UTC
The binfmt_misc module opens the interpreter using 'open_exec()', which passes AT_FDCWD to do_filp_open, so the file should be being opened relative to current->fs_root. Do you have a testcase which shows that is not happening, or were you just asking for confirmation? There is also the concern of containers being able to add handlers through /proc/sys/fs/binfmt/. That can be addressed by overlaying /proc with the proc-lxc fuse filesystem, which by default does not show /proc/sys to containers at all. Am I understanding everything correctly, and does this address your concerns? If not, then please set me straight and let us discuss on the containers@lists.osdl.org mailing list. thanks, -serge
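An audit helper for the two concerns in the reply above (the interpreter path being opened lazily at exec time, so it resolves in the executing process's root, and a container being able to write the `register` file), added here as an example; it is not code from the bug report or from the kernel. It assumes the standard `/proc/sys/fs/binfmt_misc` mount and treats the `F` (fix binary) flag, which binfmt_misc gained in kernels later than the ones this bug covers, as the mitigation for the first concern; the finding codes and the sample handler entry are constructed for the example.

```python
"""Audit binfmt_misc handlers for the chroot/namespace issue in this bug."""
import os
from typing import Callable, Dict, List

BINFMT_DIR = "/proc/sys/fs/binfmt_misc"   # standard mount point of the binfmt_misc fs

def parse_handler(text: str) -> Dict[str, str]:
    """Parse /proc/sys/fs/binfmt_misc/<name>: 'enabled'/'disabled', then 'key value' lines."""
    lines = text.strip().splitlines()
    fields = {"enabled": lines[0].strip()}
    for line in lines[1:]:
        key, _, value = line.partition(" ")
        fields[key.rstrip(":")] = value.strip()   # "flags: POC" -> fields["flags"] == "POC"
    return fields

def audit_handler(handler: Dict[str, str], root: str = "/",
                  exists: Callable[[str], bool] = os.path.exists) -> List[str]:
    """Findings for one handler as seen from a process whose root directory is `root`."""
    findings: List[str] = []
    if handler.get("enabled") == "enabled" and "F" not in handler.get("flags", ""):
        # Without the F flag the interpreter is open_exec()'d when a matching binary
        # is executed, so the path resolves in the executing process's root rather
        # than the registering process's.  Record that, and whether `root` has it.
        findings.append("lazy-open")
        if not exists(os.path.join(root, handler.get("interpreter", "").lstrip("/"))):
            findings.append("interpreter-missing-in-root")
    return findings

def audit_dir(binfmt_dir: str = BINFMT_DIR, root: str = "/") -> Dict[str, List[str]]:
    """Audit every registered handler; also flag if this process can register new ones."""
    report: Dict[str, List[str]] = {}
    if not os.path.isdir(binfmt_dir):
        return report
    if os.access(os.path.join(binfmt_dir, "register"), os.W_OK):
        report["register"] = ["writable"]   # handlers are global, so this matters in a container
    for name in sorted(os.listdir(binfmt_dir)):
        if name not in ("register", "status"):
            with open(os.path.join(binfmt_dir, name)) as f:
                report[name] = audit_handler(parse_handler(f.read()), root)
    return report

# Constructed sample entry in the /proc format (not captured from a real system).
SAMPLE_QEMU_ARM = """enabled
interpreter /usr/bin/qemu-arm-static
flags: POC
offset 0
magic 7f454c46010101000000000000000000020028
mask ffffffffffffff00fffffffffffffffffeffffff"""
```

Running `audit_dir()` inside a chroot or container reports, per handler, whether it would be resolved in that environment's root and whether the interpreter exists there, plus whether the environment can add handlers at all.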