[SECURITY] linux-user-chroot 2013.1


A new version of linux-user-chroot is now available:

http://git.gnome.org/browse/linux-user-chroot/tag/?id=v2013.1

http://ftp.acc.umu.se/pub/GNOME/sources/linux-user-chroot/2013.1

Here's the shortlog:

Colin Walters (6):
      Use MS_MOVE of / rather than chroot()
      Only MS_MOVE the root to / if the root isn't already /
      build: use AC_SYS_LARGEFILE
      [SECURITY] Invoke chdir() after we've switched uid, not before
      [SECURITY] Use fsuid to lookup bind mount paths and chroot target
      Release 2013.1

The most important parts, as you might imagine, are tagged [SECURITY]. The severity of the flaw is mainly that the user can easily access otherwise inaccessible directories if the subdirectory is mode 0755.

On my RHEL6 system for example, /root/.virsh can be viewed, where ordinarily it couldn't.

This flaw is greatly mitigated by the fact that security-conscious programs such as OpenSSH ensure ~/.ssh is mode 0700.

Thanks to Marc Deslauriers and Ryan Lortie for reporting this issue and reviewing patches.
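
The announcement notes that a mode 0755 subdirectory under an otherwise inaccessible parent was exposed, while a mode 0700 directory such as ~/.ssh was not. As an added example (not part of the original announcement or of linux-user-chroot), this Python audit lists directories that rely only on an ancestor's mode for protection; the function names and the sample tree are constructed for illustration.

```python
import os
import stat
import tempfile


def exposed_dirs(top):
    """Return directories under `top` whose own mode grants 'other' r-x
    but which sit below a directory that denies 'other' traversal."""
    findings = []

    def walk(path, shielded):
        try:
            st = os.lstat(path)  # lstat: symlinks are never followed
        except OSError:
            return
        if not stat.S_ISDIR(st.st_mode):
            return
        if shielded and (st.st_mode & 0o005) == 0o005:
            findings.append(path)  # protected by a parent's mode only
        # Children are shielded once any directory on the way denies o+x.
        child_shielded = shielded or not (st.st_mode & 0o001)
        try:
            names = sorted(os.listdir(path))
        except OSError:
            return  # unreadable to the auditing user; nothing to report
        for name in names:
            walk(os.path.join(path, name), child_shielded)

    walk(top, False)
    return findings


def build_sample(base):
    """Constructed sample: a 0700 home with a 0755 and a 0700 subdirectory."""
    home = os.path.join(base, "home")
    for name, mode in ((".virsh", 0o755), (".ssh", 0o700)):
        d = os.path.join(home, name)
        os.makedirs(d)
        os.chmod(d, mode)  # explicit chmod so the umask does not interfere
    os.chmod(home, 0o700)
    return home


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        for d in exposed_dirs(build_sample(base)):
            print("relies on parent mode only:", d)
```

Directories the audit reports can be given a restrictive mode of their own, as OpenSSH does for ~/.ssh.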