[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[Bug 213135] CVE-2008-2544 mounting proc readonly on a different mount point silently mounts it rw if the /proc mount is rw

Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.


--- Comment #24 from Martin Cracauer <cracauer cons org>  2009-01-13 11:28:54 EDT ---
(In reply to comment #22)
> (In reply to comment #21)
> > 2) of course a read-write mounted /chroot/proc will instantly turn security
> > into a joke (as all processes, files and devices are accessible by anybody
> > becoming root in the chroot).  But most of these applications, while requiring
> > a /proc, can live with a readonly /proc.
> If anybody in the chroot becomes root, she can escape chroot trivially without
> /proc mounted at all.  Read-only vs. read-write /proc mount does not influence
> that much.
> > I strongly urge somebody who is running a recent Fedora to re-open this bug
> > report after confirming which behavior it is showing now.
> Has this been fixed, or is this test incorrect?
> # uname -r
> # mkdir -p /chroot/proc
> # mount -o ro -t proc proc /chroot/proc/
> # cat /proc/mounts | grep '/proc proc'
> /proc /proc proc rw 0 0
> proc /chroot/proc proc ro 0 0
> # echo 1 > /proc/sys/net/ipv4/ip_forward
> # echo 1 > /chroot/proc/sys/net/ipv4/ip_forward
> bash: /chroot/proc/sys/net/ipv4/ip_forward: Read-only file system

This looks good.

I don't have FC anymore.  My mainline is still broken:

mount -o -ro -t proc proc /mnt/tmp
echo 1 >  /mnt/tmp/sys/net/ipv4/ip_forward
# no complaints

Any idea whether this is a 2.6.27 or a Redhat/Fedora fix?


Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]