On trusty I can break out of pivot_root chroot
Bug #1377267 reported by Serge Hallyn
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
linux (Ubuntu) | Invalid | High | Unassigned |
Bug Description
After doing a pivot_root, it should not be possible to use the standard well-known 'chroot escape' technique to escape back to the host root. However, Andrey Vagin found that on 14.04 that is in fact possible, if you first chroot.
In 14.10, this is NOT possible.
I've uploaded testscripts under http://
I posted a similar set of scripts (just tweaking how the chroot+chdir are done after pivot_root) in http://
Changed in linux (Ubuntu):
status: Incomplete → Triaged
12.04 fails the same way.
Note again that this is only in the case where we chroot before we pivot_root. This is done in lxc in the case where we find / is on a ramfs, which is a special case usually on Android systems.
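The condition named in the comment above (/ on a ramfs, the case where the chroot is done before pivot_root) can be checked from mountinfo-format text. This is an added example, not part of the bug report and not lxc's own code; `root_is_ramfs` and the sample lines are constructed, and it assumes the last "/" entry listed is the visible root.

```c
#include <stdio.h>
#include <string.h>

/* Constructed samples in /proc/self/mountinfo format, not captured from a real host. */
static const char SAMPLE_RAMFS[] =
    "1 1 0:1 / / rw - rootfs rootfs rw\n"
    "14 1 0:13 / /proc rw,relatime - proc proc rw\n";
static const char SAMPLE_DISK[] =
    "1 1 0:1 / / rw - rootfs rootfs rw\n"
    "20 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw\n"
    "14 20 0:13 / /proc rw,relatime shared:5 - proc proc rw\n";

/* Returns 1 if the last mount at "/" is rootfs/ramfs, 0 if it is another
 * filesystem, -1 if no "/" entry was found (hypothetical helper name). */
int root_is_ramfs(const char *mountinfo)
{
    int result = -1;
    const char *line = mountinfo;

    while (*line) {
        const char *eol = strchr(line, '\n');
        size_t len = eol ? (size_t)(eol - line) : strlen(line);
        char buf[512], mnt[256], fstype[64];

        if (len < sizeof(buf)) {          /* over-long lines are skipped */
            memcpy(buf, line, len);
            buf[len] = '\0';
            /* Field 5 is the mount point; the fs type follows " - ". */
            char *sep = strstr(buf, " - ");
            if (sep && sscanf(buf, "%*s %*s %*s %*s %255s", mnt) == 1 &&
                sscanf(sep + 3, "%63s", fstype) == 1 && strcmp(mnt, "/") == 0)
                result = !strcmp(fstype, "rootfs") || !strcmp(fstype, "ramfs");
        }
        line += len + (eol ? 1 : 0);
    }
    return result;
}

int main(void)
{
    printf("ramfs sample: %d\n", root_is_ramfs(SAMPLE_RAMFS));
    printf("disk sample:  %d\n", root_is_ramfs(SAMPLE_DISK));
    return 0;
}
```

A result of 1 marks a host where a container setup would hit the chroot-before-pivot_root path discussed in this bug.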