H. Peter Anvin wrote:
>By author: Jorgen Cederlof <jc@lysator.liu.se>
>> If we only allow user chroots for processes that have never been
>> chrooted before, and if the suid/sgid bits won't have any effect under
>> the new root, it should be perfectly safe to allow any user to chroot.
>
>Safe, perhaps, but also completely useless: there is no way the user
>can set up a functional environment inside the chroot.
Why is it useless? It sounds useful to me, on first glance. If I want
to run a user-level network daemon I don't trust (for instance, fingerd),
isolating it in a chroot area sounds pretty nice: If there is a buffer
overrun in the daemon, you can get some protection [*] against the rest
of your system being trashed. Am I missing something obvious?
[*] Yes, I know chroot is not sufficient on its own to completely
protect against this, but it is a useful part of the puzzle, and
there are other things we can do to deal with the remaining holes.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Sat Jun 30 2001 - 21:00:15 EST