Re: Security patch for /proc

Andreas Kostyrka (andreas@rainbow.studorg.tuwien.ac.at)
Tue, 31 Mar 1998 12:48:10 +0200 (CEST)


On Tue, 31 Mar 1998, Chris Evans wrote:

>
> On Tue, 31 Mar 1998, Jeremy Fitzhardinge wrote:
>
> > Hi all,
> >
> > Here's a patch which prevents chrooted processes from escaping from
> > their chrooted area via /proc.
>
> Hi,
>
> I'm not sure I agree with this approach -- perhaps root processes should
> not be allowed to use the mount() syscall if root_dir != real_root. The
> other main source of nastiness is ptrace() -- this needs to be banned in a
> similar manner. There are other ways root could escape a chroot()
> jail, we need to think about them and eliminate them one by one.
- mknod()

Others are not that nasty, but still nasty:
- bind(): the lower ports are reserved to root, so another box may trust
that a connection is coming from a system program, and not a
user process.

But before changing the WELL established rules about chroot (and root in a
chroot environment was always dangerous), what about a new syscall:
makesandbox()?

Andreas
