Re: can chroot be made safe for non-root?

From: Bernd Eckenfels (ecki-news2002-09@lina.inka.de)
Date: Sat Oct 19 2002 - 14:07:42 EST

Next message: robert swan: "usb joystick causing kernel panic"
Previous message: Bill Davidsen: "Re: [PATCH 2.5.43-mm2] New shared page table patch"
In reply to: Eric Buddington: "Re: can chroot be made safe for non-root?"
Next in thread: Jesse Pollard: "Re: can chroot be made safe for non-root?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

In article <20021019134445.B28191@ma-northadams1b-3.bur.adelphia.net> you wrote:
> I do like the idea of preventing multiple chroots, as a second option.

this is not enough to allow chroot for non root. There are just too many
suid programs which rely on absolute path. So if one allows chroot() for
non-root users, the usage of suid/sgid must be forbidden, too.

Greetings
bernd
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: robert swan: "usb joystick causing kernel panic"
Previous message: Bill Davidsen: "Re: [PATCH 2.5.43-mm2] New shared page table patch"
In reply to: Eric Buddington: "Re: can chroot be made safe for non-root?"
Next in thread: Jesse Pollard: "Re: can chroot be made safe for non-root?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Wed Oct 23 2002 - 22:00:49 EST