Re: Security patch for /proc

Jeremy Fitzhardinge (jeremy@zip.com.au)
Fri, 03 Apr 1998 00:22:33 +1000

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Gert Doering: "Re: ttyS1 hangs, cua1 works fine"
Previous message: sistema@readysoft.es: "missing symbols in 2.1.91"

Paul Wouters wrote:
> Isn't it possible to prohibit chroot() if the current process is already
> chroot()ed? I can't see a reason why to have a chroot environment within
> a chroot environment. Or would this be touching features of some sort of
> securelevel switch where we disallow chroot after being chrooted?

The cleanest way of partially solving the problem is to make chroot also
do a chdir. That wouuld prevent this path of escape. However, root is
still root, so there's lots of other ways of escaping. The solution is
to have a controlled way of weakening root. 2.1.92 seems to have the
first cut of a capabilities system: I suspect it has some way to go
before its really useful though.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu

Next message: Gert Doering: "Re: ttyS1 hangs, cua1 works fine"
Previous message: sistema@readysoft.es: "missing symbols in 2.1.91"