[haiku-development] Re: chroot and package daemon bug

  • From: Ingo Weinhold <ingo_weinhold@xxxxxx>
  • To: haiku-development@xxxxxxxxxxxxx
  • Date: Fri, 12 Aug 2016 21:08:29 +0200

On 08/12/2016 08:43 PM, Adrien Destugues wrote:

On Thu, Aug 11, 2016 at 11:42:16PM +0200, Axel Dörfler wrote:
You also mentioned security issues -- those would not be fixed by this, as
you could send any root to the package daemon, and it would just take it for
granted.
However, a solution for this problem would be a bit more involved.

Well, only if you can discover the device/node for it. And if you have
that, you can access it anyway. One could send random values to the
package daemon until they get a sensible reply, but I don't know if we
can do much about that.

You don't need a the package daemon for that purpose. BDirectory conveniently has a node_ref constructor. Several APIs using entry_refs can be exploited in a similar way.

CU, Ingo


Other related posts: