Process building package can escape from chroot and gain local root
Bug #1010787 reported by
Karma Dorje
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| sbuild (Debian) |
Fix Released
|
Unknown
|
|||
| sbuild (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
Bug Description
Package: sbuild
Version: 0.62.6-1
Severity: important
When building a package with sbuild, the processes running in the chroot can escape from there and gain local root. This is possible as the processes in- and outside of the chroot environment run under the same user id and the outside process can run commands as root in the chroot environment.
| Changed in sbuild (Debian): | |
| status: | Unknown → New |
| visibility: | private → public |
Revision history for this message
| Jamie Strandboge (jdstrand) wrote | #1 |
| Changed in sbuild (Ubuntu): | |
| status: | New → Incomplete |
Revision history for this message
| Seth Arnold (seth-arnold) wrote | #2 |
Revision history for this message
| Karma Dorje (taaroa) wrote | #3 |
| Changed in sbuild (Ubuntu): | |
| status: | Incomplete → Invalid |
| Changed in sbuild (Debian): | |
| status: | New → Fix Released |
To post a comment you must log in.
Thank you for reporting a bug in Ubuntu. I'm not following your reasoning. Chroots are not designed to provide a security barrier for root processes, so, like you say, a root process can break out. However, typical usage of sbuild is with schroot and packages that are built in the chroot should not be running as root. Therefore a user in the schroot should not be able to gain root in the manner described unless the chroot is misconfigured -- can you provide specifics? All that said, building untrusted packages means running untrusted code and a chroot should not necessarily be relied on for security (one can use snapshotted or throwaway virtual machines for this sort of thing).