Re: can chroot be made safe for non-root?

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Arjan van de Ven: "Re: [LARGE patch 23/124] sets sent over and over again Re: [PATCH] ext2/3 updates for 2.5.44 (1/11): Default mount options in superblock"
• Previous message: Russell King: "Re: [LARGE patch 23/124] sets sent over and over again Re: [PATCH] ext2/3 updates for 2.5.44 (1/11): Default mount options in superblock"
• Next in thread: Shaya Potter: "Re: can chroot be made safe for non-root?"
• Reply: Shaya Potter: "Re: can chroot be made safe for non-root?"

One idea would be to sigsegv the program which is doing a chroot with open
fds :)

> IIRC, FreeBSD allow a chroot'ed process to chroot again if and only if
> the
> new root is a subdirectory of the initial chroot. This allows things
> like
> traditional, chrooting anonymous FTP to be run under an initial chroot.

well, you can only changeroot in a subdir anyway, so this is not the point
that freebsd is allowing a chroot in a chroot. As far as I know they simply
solved the break out issue.

BTW: kill on open fd would solve the breakout issue, too.

Greetings
Bernd
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

• Next message: Arjan van de Ven: "Re: [LARGE patch 23/124] sets sent over and over again Re: [PATCH] ext2/3 updates for 2.5.44 (1/11): Default mount options in superblock"
• Previous message: Russell King: "Re: [LARGE patch 23/124] sets sent over and over again Re: [PATCH] ext2/3 updates for 2.5.44 (1/11): Default mount options in superblock"
• Next in thread: Shaya Potter: "Re: can chroot be made safe for non-root?"
• Reply: Shaya Potter: "Re: can chroot be made safe for non-root?"