delta/linux-user-chroot.git/src, branch baserock/morph gitlab.gnome.org: GNOME/linux-user-chroot.git Bump up bind mount limit to 1024 2013-09-24T13:35:48+00:00 Colin Walters walters@verbum.org 2013-09-23T21:06:05+00:00 5d23708442b16138b800a4e4e9daf20eda50ba46 The Baserock people were hitting up against the limit of 50, which as the newly added comment says isn't really effective against DoS anyways, so let's just bump it up significantly. Tested-by: Lars Wirzenius <lars.wirzenius@codethink.co.uk> 
The Baserock people were hitting up against the limit of 50, which as
the newly added comment says isn't really effective against DoS
anyways, so let's just bump it up significantly.

Tested-by: Lars Wirzenius <lars.wirzenius@codethink.co.uk>
[SECURITY] Use fsuid to lookup bind mount paths and chroot target 2013-02-24T15:55:37+00:00 Colin Walters walters@verbum.org 2013-02-24T13:33:31+00:00 04028db1d9f7909f4c86d9b4d4a8640e65fd11f1 Otherise, the user can access otherwise inaccessible directories like this: $ linux-user-chroot --mount-bind /root/.virsh ~/mnt / /bin/sh Also, we should check the accessibility of the chroot target; this is much harder to exploit because you'd need an executable inside the chroot that can be run. Reported-by: Marc Deslauriers <marc.deslauriers@canonical.com> Reported-by: Ryan Lortie <desrt@desrt.ca> Reviewed-by: Marc Deslauriers <marc.deslauriers@canonical.com> Signed-off-by: Colin Walters <walters@verbum.org> 
Otherise, the user can access otherwise inaccessible directories like
this:

$ linux-user-chroot --mount-bind /root/.virsh ~/mnt / /bin/sh

Also, we should check the accessibility of the chroot target; this is
much harder to exploit because you'd need an executable inside the
chroot that can be run.

Reported-by: Marc Deslauriers <marc.deslauriers@canonical.com>
Reported-by: Ryan Lortie <desrt@desrt.ca>
Reviewed-by: Marc Deslauriers <marc.deslauriers@canonical.com>
Signed-off-by: Colin Walters <walters@verbum.org>
[SECURITY] Invoke chdir() after we've switched uid, not before 2013-02-24T14:24:08+00:00 Colin Walters walters@verbum.org 2013-02-24T13:27:08+00:00 c4388a624de392a72a5826b0d61c2aa21f283ede Otherwise, the user can access otherwise inaccessible directories like: $ linux-user-chroot --chdir /root/.virsh / /bin/sh Reported-by: Ryan Lortie <desrt@desrt.ca> Reported-by: Marc Deslauriers <marc.deslauriers@canonical.com> 
Otherwise, the user can access otherwise inaccessible directories like:

$ linux-user-chroot --chdir /root/.virsh / /bin/sh

Reported-by: Ryan Lortie <desrt@desrt.ca>
Reported-by: Marc Deslauriers <marc.deslauriers@canonical.com>
Only MS_MOVE the root to / if the root isn't already / 2013-01-10T19:25:37+00:00 Colin Walters walters@verbum.org 2013-01-10T19:25:37+00:00 61eea63b4042d1c6fba12d79215f5b9247d3b5c5 Otherwise the MS_MOVE call aborts. 
Otherwise the MS_MOVE call aborts.
Use MS_MOVE of / rather than chroot() 2012-12-30T09:58:40+00:00 Colin Walters walters@verbum.org 2012-12-30T09:58:40+00:00 21a2e2b39af9f681d7ebeac72a6fcf0487a2b359 chroot() breaks some tools that expect / to be an actual mount point. Doing namespace manipulation is cleaner than chroot(). See http://lists.freedesktop.org/archives/systemd-devel/2012-September/006703.html "[systemd-devel] OSTree mount integration" 
chroot() breaks some tools that expect / to be an actual mount point.
Doing namespace manipulation is cleaner than chroot().

See http://lists.freedesktop.org/archives/systemd-devel/2012-September/006703.html
"[systemd-devel] OSTree mount integration"
Exit immediately if clone() fails 2012-08-10T19:35:09+00:00 Colin Walters walters@verbum.org 2012-08-10T19:35:09+00:00 3af381d5ef6fa8b479589583db8c4efb199878e4 This happens when run recursively. 
This happens when run recursively.
Make use of PR_SET_NO_NEW_PRIVS if available 2012-08-10T19:07:42+00:00 Colin Walters walters@verbum.org 2012-08-10T19:07:42+00:00 ce49cffb83d35e550c16b7aee23fac262e6f359d This flag is exactly what we want for this tool (it's what I thought SECBIT_NOROOT did). See the linked discussion from here: http://lwn.net/Articles/504879/ 
This flag is exactly what we want for this tool (it's what I thought
SECBIT_NOROOT did).

See the linked discussion from here:

http://lwn.net/Articles/504879/
Add --help and --version arguments 2012-04-24T12:56:26+00:00 Colin Walters walters@verbum.org 2012-04-24T12:56:26+00:00 8312b26c3733a04583084ee3bae9148db84c8b00 






newnet: Improve docs some more
2012-03-13T18:37:41+00:00

Colin Walters
walters@verbum.org

2012-03-13T18:37:41+00:00

976957b0067c17612dc889dbeb52d94cedfdcb31

Suggested by Owen Taylor <otaylor@redhat.com>





Suggested by Owen Taylor <otaylor@redhat.com>







newnet: Use correct argv for child
2012-03-13T18:37:31+00:00

Colin Walters
walters@verbum.org

2012-03-13T18:37:31+00:00

61b63e3b0b8d33818925d70373c1c86ec3ffaaa3