Comment by mike_hock

4 years ago

Isn't the rant about chroot kind of addressed by filesystem namespaces in Linux?

pledge() is not chroot-like. unveil() is, kinda. But pledge() is much cooler.

  • I didn't say it was. There's a long section about chroot() under "Caveats."

    • Ah, sorry, I misunderstood.

      Addressed, yeah, but I would not say solved for the general case of all the namespaces.

      "Just put me in a (sand)box" is actually really tricky with namespaces, and depends on if you started off as root or not.

      More on using namespaces to drop privs: https://blog.habets.se/2022/03/Dropping-privileges.html (another backburner project)

      It's early morning so I may be wrong, but my testing seems to show that actually yes you can still fchdir() your way out of a file system namespace.