On Feb 26, Alexander Viro <viro@math.psu.edu> wrote:
>There is no way to implement them without credentials' cache. Which needs
>to be done for many other reasons, but that's a separate patch and
>separate story. If it's done - no serious penalty involved. However,
>I doubt that we want a union on / itself. /dev - sure, /bin and /lib -
>maybe, but /... What for?
What I'd really like to do is remount / somewhere with mount --bind,
mount over it another skeleton file system which hides setuid programs
and some directories and then run a chrooted sshd in the new root.
If I'm not missing something, this would make creation of secure chroot
environments very easy.
>Tomorrow I'll try to catch Erik and talk with him about that. I'm not sure
>that I know anyone in Debian Install System Team (oh, boy... somebody sure
Just write to debian-boot@lists.debian.org.
-- ciao, Marco- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Wed Feb 28 2001 - 21:00:11 EST