--=_courier-29417-1056895843-0001-2
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable
On Sun, 2003-06-29 at 15:09, Willy TARREAU wrote:
> Hi Al and Marcelo,
>=20
> while I was trying to get maximum restrictions on a chroot on 2.4.21-pre,
> I found that it's always possible to mount a ramfs or a tmpfs on "..",
> and then upload whatever I wanted in it. It's a shame because I was
> trying to isolate network daemons inside empty, read-only file-systems,
> and I discovered that this effort was worthless. To resume, imagine a
> network daemon which does :
well...
you need to be root to mount. If you're root you can break out of a
chroot anyway....
--=_courier-29417-1056895843-0001-2
Content-Type: application/pgp-signature; name="signature.asc"
Content-Transfer-Encoding: 7bit
Content-Description: This is a digitally signed message part
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
iD8DBQA+/vMkxULwo51rQBIRAnwrAJ4xSSP17Z4ciDbQaXA5ROUTrk+YUwCfSYPj
jU/1rCdKEj6WKCKlNLVTHBM=
=iAJD
-----END PGP SIGNATURE-----
--=_courier-29417-1056895843-0001-2--