Re: Linux 2.2.18pre21

From: Alan Cox (alan@lxorguk.ukuu.org.uk)
Date: Thu Nov 16 2000 - 16:40:18 EST

Next message: David Hinds: "Re: [PATCH] pcmcia event thread. (fwd)"
Previous message: Paul Clements: "kernel panic on 2.2.14 in sg driver"
In reply to: jesse: "Re: Linux 2.2.18pre21"
Next in thread: Rogier Wolff: "Re: Linux 2.2.18pre21"
Reply: Rogier Wolff: "Re: Linux 2.2.18pre21"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> It's simply not good enough to close all directory file descriptors before chrooting.
>
> If calling chroot once you're already in a chroot jail was disallowed, it would stop
> this attack.

I think the problem here is that some people have the idea that chroot is
some kind of magical security device. Thats not true at all. You can build an
environment like that if you wish by closing other directory handles and having
no suitably priviledged code in the chroot area and stuff.

Alan

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/

Next message: David Hinds: "Re: [PATCH] pcmcia event thread. (fwd)"
Previous message: Paul Clements: "kernel panic on 2.2.14 in sg driver"
In reply to: jesse: "Re: Linux 2.2.18pre21"
Next in thread: Rogier Wolff: "Re: Linux 2.2.18pre21"
Reply: Rogier Wolff: "Re: Linux 2.2.18pre21"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Thu Nov 23 2000 - 21:00:11 EST