* Ritesh Raj Sarraf <r...@debian.org>, 2023-01-10 18:43:
The man page says that hostfs kernel param is "used to confine all
hostfs mounts to within the specified directory tree on the host". But
it's trivial to escape this confinements with ../ sequences:
# mount none -t hostfs -o ../../../../../../../../home/bob/secrets /mnt
Could you please share the kernel command line option passed to the
running uml instance ?
I used with something like this:
$ linux hostfs=/srv/chroots/unstable-i386/ rootfstype=hostfs init=/bin/sh
quiet
--
Jakub Wilk
