NetBSD-Bugs archive


Re: kern/54947: chroot mount file systems leak the actual path in superblock



The following reply was made to PR kern/54947; it has been noted by GNATS.

From: Robert Elz <kre%munnari.OZ.AU@localhost>
To: gnats-bugs%netbsd.org@localhost
Cc: 
Subject: Re: kern/54947: chroot mount file systems leak the actual path in superblock
Date: Sun, 09 Feb 2020 03:31:47 +0700

     Date:        Sat,  8 Feb 2020 17:20:02 +0000 (UTC)
     From:        Frank Kardel <kardel%netbsd.org@localhost>
     Message-ID:  <20200208172002.2378E1A921A%mollari.NetBSD.org@localhost>
 
   |  Yes, it is "just" an information leak. We found it while quick testing
   |  sysinst from a chroot environment.
 
 I think you're reading more into chroot than you should - it is a means
 to map pathnames in a way that protects the rest of the system from
 stray accesses, and allows the process inside the chroot to test
 operations (like manipulation of files in /etc or installation into
 standard bin or lib paths) without risking the live system.
 
 That's it.
 
 It isn't intended to hide just about anything, or provide any special
 security features, other than the pathname remapping it does.
 
 If you want a virtual machine, use one, chroot is not that.
 
 kre
 

