[buildd-tools-devel] Bug#526788: Bug#526788: schroot allows a user to do a local DoS
Roger Leigh
rleigh at codelibre.net
Sun May 3 16:06:16 UTC 2009
On Sun, May 03, 2009 at 06:03:12PM +0200, Aurelien Jarno wrote:
> On Sun, May 03, 2009 at 04:39:23PM +0100, Roger Leigh wrote:
> > On Sun, May 03, 2009 at 05:12:01PM +0200, Aurelien Jarno wrote:
> > > Package: schroot
> > > Version: 1.2.2-1
> > > Severity: important
> > > Tags: security patch
> > >
> > > In script mode, schroot mounts a new tmpfs (with a default size of half
> > > the RAM) to act as /dev/shm inside the chroot and for each created
> > > chroot (a user can create more than one), as shown below. Those
> > > directories are world writable, meaning that a user can fill them, and
> > > with them RAM and swap. As soon as the whole RAM and swap have been
> > > filled, the kernel starts OOM killing every task, leading to a crash
> > > of the machine.
> >
> > This is also the case for /lib/init/rw. There should really be a strict
> > size limit placed on it (even on the host). #390184 BTW.
>
> /lib/init/rw is not world writable, so a normal user can't do anything
> here.
>
> > > The correct solution here is to bind mount /dev/shm, as it is already
> > > done for /home, /tmp and /dev/pts. The patch below does that:
> >
> > We share /home, /tmp for user convenience. We share /dev/pts because
> > there's no choice (we could mount it twice but it's pointless).
> > For /dev/shm we are sharing the POSIX SHM and SEM data between host
> > and chroot. My question here is, do we want to share that data?
> >
> > I'm perfectly happy with the patch, I just want to question whether
> > sharing shared memory is needed or desirable.
> >
>
> I am not sure it is something needed or desirable, however I don't think
> it is something that hurts. chroot() is something that only isolates the
> filesystem, and a lot of things are already shared between the host and
> the chroot.
OK, I'll apply the patch as is. I need to merge some other bits first,
but it should be done later on today with luck.
Thanks,
Roger
--
.''`. Roger Leigh
: :' : Debian GNU/Linux http://people.debian.org/~rleigh/
`. `' Printing on GNU/Linux? http://gutenprint.sourceforge.net/
`- GPG Public Key: 0x25BFB848 Please GPG sign your mail.
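As an added example (not part of this thread or of schroot's own scripts), the check below reads an fstab-format mount file of the kind schroot uses, flags every tmpfs entry that carries no size= cap (the condition the report describes for /dev/shm), and prints the bind-mount form the reporter proposed, matching the lines the thread cites for /home and /tmp. The sample file is constructed; the function names are this example's own.

```shell
#!/bin/sh
# Constructed sample in fstab format (file system, mount point, type,
# options, dump, pass). The /dev/shm line is the weak setting from the
# report: a fresh, unbounded tmpfs per chroot. The /run/lock line shows a
# tmpfs that is capped and therefore not flagged.
SAMPLE_FSTAB='# schroot mount definitions (constructed sample)
/proc    /proc     none  rw,bind                0 0
/dev/pts /dev/pts  none  rw,bind                0 0
/home    /home     none  rw,bind                0 0
/tmp     /tmp      none  rw,bind                0 0
tmpfs    /dev/shm  tmpfs defaults               0 0
tmpfs    /run/lock tmpfs size=5M,nosuid,nodev   0 0
'

# Print the mount point of every tmpfs entry whose option list has no
# size= limit, one per line. Exit status 1 if any was found, 0 otherwise.
# Comment lines and lines with fewer than four fields are ignored.
unbounded_tmpfs() {
    printf '%s' "$1" | awk '
        /^[[:space:]]*#/ || NF < 4 { next }
        $3 == "tmpfs" && $4 !~ /^size=/ && $4 !~ /,size=/ {
            print $2; found = 1
        }
        END { exit(found ? 1 : 0) }'
}

# Emit the bind-mount line that shares the host directory instead of
# creating a new tmpfs, in the same form the sample uses for /home and /tmp.
bind_line() {
    printf '%s %s none rw,bind 0 0\n' "$1" "$1"
}

# Stand-alone run: report each unbounded tmpfs and its bind-mount replacement.
if mounts=$(unbounded_tmpfs "$SAMPLE_FSTAB"); then
    echo "no unbounded tmpfs mounts found"
else
    for m in $mounts; do
        echo "unbounded tmpfs at $m; replace with: $(bind_line "$m")"
    done
fi
```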