On Sun, 2003-06-29 at 15:09, Willy TARREAU wrote:
> Hi Al and Marcelo,
>
> while I was trying to get maximum restrictions on a chroot on 2.4.21-pre,
> I found that it's always possible to mount a ramfs or a tmpfs on "..",
> and then upload whatever I wanted in it. It's a shame because I was
> trying to isolate network daemons inside empty, read-only file-systems,
> and I discovered that this effort was worthless. To resume, imagine a
> network daemon which does:

Well...
you need to be root to mount. If you're root you can break out of a
chroot anyway....