prevent breaking a chroot() jail?

Shaya Potter (spotter@cs.columbia.edu)
05 Jul 2002 09:50:02 -0400


I'm trying to develop a way to ensure that one can't break out of a
chroot() jail, even as root. I'm willing to change the way the syscalls
work (most likely only for a subset of processes, i.e. processes that
are run in the jail end up getting a marker which is passed down to all
their children that causes the syscalls to behave differently).

What should I be aware of? I figure devices (no need to run mknod in
this jail) and chroot (as per man page), is there any other way of
breaking the chroot jail (at a syscall level or otherwise)?

or is this 100% impossible?

thanks,

shaya

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/