Process building package can escape from chroot and gain local root
Bug #1010787 reported by
Karma Dorje
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
sbuild (Debian) |
Fix Released
|
Unknown
|
|||
sbuild (Ubuntu) |
Invalid
|
Undecided
|
Unassigned |
Bug Description
Package: sbuild
Version: 0.62.6-1
Severity: important
When building a package with sbuild, the processes running in the chroot can escape from there and gain local root. This is possible as the processes in- and outside of the chroot environment run under the same user id and the outside process can run commands as root in the chroot environment.
Changed in sbuild (Debian): | |
status: | Unknown → New |
visibility: | private → public |
Changed in sbuild (Debian): | |
status: | New → Fix Released |
To post a comment you must log in.
Thank you for reporting a bug in Ubuntu. I'm not following your reasoning. Chroots are not designed to provide a security barrier for root processes, so, like you say, a root process can break out. However, typical usage of sbuild is with schroot and packages that are built in the chroot should not be running as root. Therefore a user in the schroot should not be able to gain root in the manner described unless the chroot is misconfigured -- can you provide specifics? All that said, building untrusted packages means running untrusted code and a chroot should not necessarily be relied on for security (one can use snapshotted or throwaway virtual machines for this sort of thing).