[PATCH v2 1/1] fs: Allow no_new_privs tasks to call chroot(2)

David Laight David.Laight at ACULAB.COM
Thu Mar 11 09:45:43 UTC 2021

From: Eric W. Biederman
> Sent: 10 March 2021 19:24
> The actual classic chroot escape is.
> chdir("/");
> chroot("/somedir");
> chdir("../../../..");

That one is easily checked.

I thought something like:

Friendly process:
mvdir("/somedir/some_path", "/bar");

was the actual escape?


Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)

More information about the Linux-security-module-archive mailing list