can chroot be made safe for non-root?

From: Eric Buddington (eric@ma-northadams1b-3.bur.adelphia.net)
Date: Wed Oct 16 2002 - 00:51:06 EST

Next message: Michael Clark: "Re: [Kernel 2.5] Qlogic 2x00 driver"
Previous message: Richard Gooch: "[PATCH] devfs v218 available"
Next in thread: Philippe Troin: "Re: can chroot be made safe for non-root?"
Reply: Philippe Troin: "Re: can chroot be made safe for non-root?"
Reply: David Wagner: "Re: can chroot be made safe for non-root?"
Maybe reply: Niels Provos: "Re: can chroot be made safe for non-root?"
Reply: Pavel Machek: "Re: can chroot be made safe for non-root?"
Maybe reply: Hank Leininger: "Re: can chroot be made safe for non-root?"
Maybe reply: Bernd Eckenfels: "Re: can chroot be made safe for non-root?"
Maybe reply: Martin Josefsson: "Re: can chroot be made safe for non-root?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I am eager to be able to sandbox my processes on a system without the
help of suid-root programs (as I prefer to have none of these on my
system).

Would it be reasonable to allow non-root processes to chroot(), if the
chroot syscall also changed the cwd for non-root processes?

Is there a reason besides standards compliance that chroot() does not
already change directory to the chroot'd directory for root processes?
Would it actually break existing apps if it did change the directory?

-Eric
(who wishes there were better ways to run untrusted code)
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Michael Clark: "Re: [Kernel 2.5] Qlogic 2x00 driver"
Previous message: Richard Gooch: "[PATCH] devfs v218 available"
Next in thread: Philippe Troin: "Re: can chroot be made safe for non-root?"
Reply: Philippe Troin: "Re: can chroot be made safe for non-root?"
Reply: David Wagner: "Re: can chroot be made safe for non-root?"
Maybe reply: Niels Provos: "Re: can chroot be made safe for non-root?"
Reply: Pavel Machek: "Re: can chroot be made safe for non-root?"
Maybe reply: Hank Leininger: "Re: can chroot be made safe for non-root?"
Maybe reply: Bernd Eckenfels: "Re: can chroot be made safe for non-root?"
Maybe reply: Martin Josefsson: "Re: can chroot be made safe for non-root?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Wed Oct 23 2002 - 22:00:26 EST