- Newsgroups: comp.unix.bsd
- Path: sparky!uunet!news.univie.ac.at!news.tu-graz.ac.at!fstgds01!chmr
- From: chmr@fstgds01.tu-graz.ac.at (Christoph Robitschko)
- Subject: Re: Yet another way to cause a kernel panic
- Message-ID: <1992Aug17.190232.16999@news.tu-graz.ac.at>
- Sender: news@news.tu-graz.ac.at (USENET News System)
- Nntp-Posting-Host: fstgds01
- Organization: Technical University of Graz, Austria
- References: <16of99INNide@disaster.Germany.EU.net>
- Date: Mon, 17 Aug 92 19:02:32 GMT
- Lines: 41
-
- In article <16of99INNide@disaster.Germany.EU.net> bs@Germany.EU.net (Bernard Steiner) writes:
- >Just found a nice way to cause a panic:
- >#include <unistd.h>
- >main()
- >{
- > chroot("/bin");
- > execl("./bin/sh", "-i", 0);
- >}
- >
- >compile; log in as root, cd / and execute program...
- >bin/sync syncs the disks, while bin/ls starts listing and then panics
- >the system. WHY ?
- >
- >Just because the process root is _above_ the process cwd is no legitimate
- >reason imho ;-)
- >
- >Cheers,
- > Bernard
-
- Exactly that is the reason; but it is not legitimate ;-)
-
- Here is an excerpt from /sys/kern/vfs_lookup.c, around line 328:
-
- if (ndp->ni_isdotdot) {
- for (;;) {
- ! if (dp == ndp->ni_rootdir) {
- ndp->ni_dvp = dp;
-
- Change the line marked with ! so that it reads:
-
- if ((dp == ndp->ni_rootdir) || (dp == rootdir)) {
-
- This makes sure it never gets below the *system* root directory.
-
-
- Cheers,
- Christoph
- --
- ------------------------------------------------------------------------
- Christoph M. Robitschko | "the only man who got his work done by Friday
- chmr@edvz.tu-graz.ac.at | was Robinson Crusoe."
-
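
The ".." check discussed in the reply above, reduced to a toy model in C (an added example, not code from the post or from the BSD kernel). `struct node`, `walk_dotdot` and the two-directory tree are constructed for illustration, and a NULL return stands in for the lookup stepping past the system root.

```c
#include <stddef.h>
#include <stdio.h>

/* Toy stand-in for a vnode; only the parent link matters (assumption). */
struct node {
    const char *name;
    struct node *parent;        /* NULL above the system root */
};

/* Constructed tree: "/" with one child "/bin". */
static struct node sys_root = { "/", NULL };
static struct node bin_dir  = { "/bin", &sys_root };

/*
 * Resolve `count` ".." components starting at dp.
 * proc_root models ndp->ni_rootdir, system_root models rootdir.
 * with_fix = 0: original test, dp == proc_root only.
 * with_fix = 1: test from the post, also stops at system_root.
 * Returns the final directory, or NULL if the walk stepped past the
 * system root (the state this model treats as the panic).
 */
static struct node *walk_dotdot(struct node *dp, int count,
                                struct node *proc_root,
                                struct node *system_root, int with_fix)
{
    while (count-- > 0) {
        if (dp == proc_root || (with_fix && dp == system_root))
            continue;           /* ".." at a root stays at that root */
        dp = dp->parent;
        if (dp == NULL)
            return NULL;        /* nothing above the system root */
    }
    return dp;
}

int main(void)
{
    /* Scenario from the thread: process root "/bin", cwd still "/". */
    struct node *a = walk_dotdot(&sys_root, 1, &bin_dir, &sys_root, 0);
    struct node *b = walk_dotdot(&sys_root, 1, &bin_dir, &sys_root, 1);
    /* cwd inside the process root: both tests stop at "/bin". */
    struct node *c = walk_dotdot(&bin_dir, 2, &bin_dir, &sys_root, 0);
    printf("original: %s\n", a ? a->name : "(past system root)");
    printf("patched:  %s\n", b ? b->name : "(past system root)");
    printf("inside:   %s\n", c ? c->name : "(past system root)");
    return 0;
}
```

Application code avoids the situation altogether by calling chdir("/") immediately after chroot(), so the working directory is never outside the process root.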