[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAHmME9qaqRSL05diFJM=-9UPCaMBhj9LrVWN4SbRGP71J1e-pQ@mail.gmail.com>
Date: Thu, 6 Jun 2013 15:31:25 +0200
From: "Jason A. Donenfeld" <Jason@...c4.com>
To: oss-security <oss-security@...ts.openwall.com>
Subject: Re: chroots & uid sharing
Alright that one-liner killed kittens. Sorry. Here we go:
frisell zx2c4 # cat find-bad-chroots.py
#!/usr/bin/env python2
import os
chroots = { }
for pid in os.listdir("/proc/"):
if not pid.isdigit():
continue
try:
uid = os.stat("/proc/" + pid).st_uid
root = os.readlink("/proc/" + pid + "/root")
except:
continue
if uid not in chroots:
chroots[uid] = [root]
elif root not in chroots[uid]:
chroots[uid].append(root)
for uid in chroots:
if len(chroots[uid]) > 1:
print "UID: %d" % uid
for root in chroots[uid]:
print "\t%s" % root
frisell zx2c4 # ./find-bad-chroots.py
UID: 25
/var/empty
/
Powered by blists - more mailing lists
Please check out the
Open Source Software Security Wiki, which is counterpart to this
mailing list.
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
