[cfe-dev] A patch for chroot checker

章磊 ioripolo at gmail.com
Sat Sep 18 20:38:06 PDT 2010


Hi Zhongxing,

Here are several simple examples( assume all function can successfully
execute ):

   - workding directory: /home/polo/test/chr

chroot("/var/local/ftp");  // root changed.
chdir("../../");                   // working directory changed to
"/home/polo/", it's out of the jail.
chdir("/");                        // enter the jail. working directory
changed to "/var/local/ftp".
foo();                               // call any other function, ok

   - workding directory: /home/polo/test/chr

chroot("/var/local/ftp");  // root changed.
chdir("/");                        // enter the jail. working directory
changed to "/var/local/ftp".
chdir("../../");                   // working directory is still
"/var/local/ftp", can't escape from the jail.
foo();                               // call any other function, ok

   - workding directory: /home/polo/test/chr

chroot("/var/local/ftp");  // root changed.
chdir("../../");                   // working directory changed to
"/home/polo/", it's out of the jail.
foo();                               // call any other function, may access
files outside of the jail.

Above is my understanding of chroot and chdir. So IMO the full state
transition is something like:

NO_CHROOT ---chroot(foo)--> ROOT_CHANGED ---------------chdir(/) -->
JAIL_ENTERED

|                                                                      |

--chdir('..') --> ROOT_CHANGED             --chdir('..')-->JAIL_ENTERED

|                                                                      |
                                                                   --foo()
-->JAIL_BROKEN or bug                --foo()-->JAIL_ENTERED


2010/9/18 Zhongxing Xu <xuzhongxing at gmail.com>

>
>
> 2010/9/17 章磊 <ioripolo at gmail.com>
>
> Hi Zhongxing,
>>
>> I think "use enums to represent the type state" it's ok for now, but i am
>> not sure it meets the needs in future if we need more precise analysis.
>>
>> More comments inline below.
>>
>> 2010/9/16 Zhongxing Xu <xuzhongxing at gmail.com>
>>
>> Hi Lei,
>>>
>>> Instead of introducing new symbols, how about use enums to represent the
>>> type state?
>>>
>>> For example, we could use the following states:
>>>
>>> NO_CHROOT, ROOT_CHANGED, JAIL_ENTERED, JAIL_BROKEN
>>>
>>> NO_CHROOT ---chroot(foo)--> ROOT_CHANGED ---chdir(/)--> JAIL_ENTERED
>>>                                                                    |
>>>
>>> ------chdir('..')--> JAIL_BROKEN
>>>
>>
>> IMO, it's something like this:
>>
>>
>> NO_CHROOT ---chroot(foo)--> ROOT_CHANGED ---chdir(/) --> JAIL_ENTERED
>>
>>                                                                    |
>>
>> ------chdir('..') --> ROOT_CHANGED
>>                                                                    |
>>
>> ------foo() -->JAIL_BROKEN
>>
>> What you think?
>>
>
> Sorry, I'm not sure about this. Do you have any references that explain
> what you are checking for?
>
>
>>
>>
>>> These states are stored directly in the GDM and operated by the
>>> ChrootChecker. Is this sufficient for checking this?
>>>
>>
>> OK, I'll do this later.
>>
>>
>>>
>>> On Tue, Sep 14, 2010 at 4:09 PM, 章磊 <ioripolo at gmail.com> wrote:
>>>
>>>> hi, clang
>>>>
>>>> This patch try to check improper use of chroot.
>>>>
>>>> In order to implement this checker, i add a subclass (SymbolEnv) of
>>>> SymbolData to represent some environment variables. Now it contains only one
>>>> kind of environment variables(JailKind).Then adds several states to the Jail
>>>> Symbol.
>>>>
>>>> This is an experimental checker, and i don't know it is the right way to
>>>> do this stuff.
>>>>
>>>> I'll appreciate it if there are any advice about this patch.
>>>>
>>>>
>>>>
>>>> --
>>>> Best regards!
>>>>
>>>> Lei Zhang
>>>>
>>>> _______________________________________________
>>>> cfe-dev mailing list
>>>> cfe-dev at cs.uiuc.edu
>>>> http://lists.cs.uiuc.edu/mailman/listinfo/cfe-dev
>>>>
>>>>
>>>
>>
>>
>> --
>> Best regards!
>>
>> Lei Zhang
>>
>
>


-- 
Best regards!

Lei Zhang
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/cfe-dev/attachments/20100919/dc685bdc/attachment.html>


More information about the cfe-dev mailing list