can chroot be made safe for non-root?

Eric Buddington (eric@ma-northadams1b-3.bur.adelphia.net)
Wed, 16 Oct 2002 01:51:06 -0400


I am eager to be able to sandbox my processes on a system without the
help of suid-root programs (as I prefer to have none of these on my
system).

Would it be reasonable to allow non-root processes to chroot(), if the
chroot syscall also changed the cwd for non-root processes?

Is there a reason besides standards compliance that chroot() does not
already change directory to the chroot'd directory for root processes?
Would it actually break existing apps if it did change the directory?

-Eric
(who wishes there were better ways to run untrusted code)
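
An added example, not part of the original message: a C check of the behaviour asked about, comparing a bare chroot(dir), which leaves the working directory outside the new root, with the chdir-first ordering. The function names `enter_jail` and `try_jail` and the `/tmp` directory are constructed for illustration; without chroot privilege both runs report that the call was refused.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

enum { JAIL_OK, JAIL_CWD_OUTSIDE, JAIL_DENIED, JAIL_ERROR };

/* Child side: make dir the root; fix_cwd selects the chdir-first ordering. */
static int enter_jail(const char *dir, int fix_cwd)
{
    char buf[4096];

    if (fix_cwd) {
        if (chdir(dir) != 0) return JAIL_ERROR;   /* cwd moves into the jail */
        if (chroot(".") != 0) return JAIL_DENIED; /* needs CAP_SYS_CHROOT */
        if (chdir("/") != 0) return JAIL_ERROR;   /* cwd = new root */
    } else if (chroot(dir) != 0) {                /* root changes, cwd does not */
        return JAIL_DENIED;
    }
    /* A cwd outside the new root is reported as "(unreachable)..." by the
     * kernel, which newer glibc turns into a NULL return. */
    const char *cwd = getcwd(buf, sizeof buf);
    return (cwd != NULL && cwd[0] == '/') ? JAIL_OK : JAIL_CWD_OUTSIDE;
}

/* Runs enter_jail() in a forked child against a constructed empty directory. */
int try_jail(int fix_cwd)
{
    char dir[] = "/tmp/jail-XXXXXX";   /* constructed sample jail */
    int status = 0;

    if (mkdtemp(dir) == NULL) return JAIL_ERROR;
    pid_t pid = fork();
    if (pid == 0) _exit(enter_jail(dir, fix_cwd));
    if (pid < 0 || waitpid(pid, &status, 0) < 0) status = -1;
    rmdir(dir);
    return (status != -1 && WIFEXITED(status)) ? WEXITSTATUS(status) : JAIL_ERROR;
}

int main(void)
{
    static const char *names[] = { "cwd inside new root", "cwd left outside new root",
                                   "chroot() refused (not privileged)", "error" };
    printf("chroot(dir) only:        %s\n", names[try_jail(0)]);
    printf("chdir(dir)+chroot(\".\"): %s\n", names[try_jail(1)]);
    return 0;
}
```

A real sandbox would also drop root privileges after the final chdir("/"), since a process that keeps them can call chroot() again.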