Newsgroups: comp.unix.bsd
Path: sserve!manuel!munnari.oz.au!uunet!news.univie.ac.at!news.tu-graz.ac.at!fstgds01!chmr
From: chmr@fstgds01.tu-graz.ac.at (Christoph Robitschko)
Subject: Re: Yet another way to cause a kernel panic
Message-ID: <1992Aug17.190232.16999@news.tu-graz.ac.at>
Sender: news@news.tu-graz.ac.at (USENET News System)
Nntp-Posting-Host: fstgds01
Organization: Technical University of Graz, Austria
References: <16of99INNide@disaster.Germany.EU.net>
Date: Mon, 17 Aug 92 19:02:32 GMT
Lines: 41

In article <16of99INNide@disaster.Germany.EU.net> bs@Germany.EU.net (Bernard Steiner) writes:
>Just found a nice way to cause a panic:
>#include <unistd.h>
>main()
>{
>        chroot("/bin");
>        execl("./bin/sh", "-i", 0);
>}
>
>compile; log in as root, cd / and execute program...
>bin/sync syncs the disks, while bin/ls starts listing and then panics
>the system. WHY ?
>
>Just because the process root is _above_ the process cwd is no legitimate
>reason imho ;-)
>
>Cheers,
>        Bernard

Exactly that is the reason; But it is not legitimate ;-)
Here is an excerpt from /sys/kern/vfs_lookup.c, around line 328:

        if (ndp->ni_isdotdot) {
                for (;;) {
!                       if (dp == ndp->ni_rootdir) {
                                ndp->ni_dvp = dp;

Change the line marked with ! so that it reads:
                        if ((dp == ndp->ni_rootdir) || (dp == rootdir)) {

This makes sure it never gets below the *system* root directory.

Cheers,
        Christoph

-- 
------------------------------------------------------------------------
Christoph M. Robitschko | "the only man who got his work done by Friday
chmr@edvz.tu-graz.ac.at |  was Robinson Crusoe."
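
Added example, not part of the original post and not 386BSD code: a user-space C model of the ".." loop quoted above, comparing the original check with the corrected one for the case where chroot("/bin") is called while the cwd is still "/". The names struct dir, walk_up() and name_of() and the three-directory tree are assumptions made for illustration; a NULL return stands in for the lookup leaving the directory tree.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed user-space model of the ".." loop quoted in the post.
 * struct dir, walk_up() and the tree below are hypothetical, not kernel code. */
struct dir {
    const char *name;
    struct dir *parent;     /* NULL for the system root: nothing above it */
};

static struct dir sys_root = { "/", NULL };
static struct dir bin      = { "/bin", &sys_root };
static struct dir bin_sub  = { "/bin/sub", &bin };

/* Apply `steps` ".." components starting at cwd.
 * fixed == 0: stop only at the process root (original check).
 * fixed != 0: also stop at the system root (check from the post).
 * Returns the final directory, or NULL if the walk left the tree,
 * which stands in for the kernel following an invalid pointer. */
static struct dir *walk_up(struct dir *cwd, struct dir *proc_root,
                           int steps, int fixed)
{
    struct dir *dp = cwd;
    while (steps-- > 0) {
        if (dp == proc_root || (fixed && dp == &sys_root))
            continue;       /* ".." at a root resolves to the root itself */
        dp = dp->parent;
        if (dp == NULL)
            return NULL;    /* walked above the system root */
    }
    return dp;
}

static const char *name_of(struct dir *d) { return d ? d->name : "(escaped)"; }

int main(void)
{
    /* Case from the post: process root is /bin while cwd is still "/". */
    printf("old:    %s\n", name_of(walk_up(&sys_root, &bin, 1, 0)));
    printf("fixed:  %s\n", name_of(walk_up(&sys_root, &bin, 1, 1)));
    /* cwd inside the new root: the process-root check alone is enough. */
    printf("inside: %s\n", name_of(walk_up(&bin_sub, &bin, 3, 0)));
    return 0;
}
```

With the corrected check, ".." from a cwd outside the new root resolves to the system root, so the walk no longer leaves the tree but that process is not confined to its new root. chroot(2) does not change the cwd, which is why callers chdir into the new root.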