Eric Buddington wrote:
>Would it be reasonable to allow non-root processes to chroot(), if the
>chroot syscall also changed the cwd for non-root processes?
It might be reasonable. It is a little bit tricky, as if you're not
careful, this can open up security holes. However, one course project
in a class I taught two years ago proposed a way to safely allow non-root
processes to use chroot(). Look here:
http://www.cs.berkeley.edu/~smcpeak/cs261/index.html
You might also be interested in the LSM project; in sandboxes like
SubDomain, Janus, SELinux, systrace, and the like; in privilege separation;
in OpenBSD's jail(); and similar topics.
>(who wishes there were better ways to run untrusted code)
Me, too.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Wed Oct 23 2002 - 22:00:30 EST