Re: access to proc filesystem from chrooted process

Bernd Eckenfels (ecki@lina.inka.de)
Mon, 31 May 1999 02:38:11 +0200

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Bernd Eckenfels: "Re: Capabilities done right [diff against 2.3.1]"
Previous message: Bernd Eckenfels: "Re: Capabilities done right [diff against 2.3.1]"

In article <19990522184117.A1895@storm.local> you wrote:
> But then you have to be careful if you use that as a security
> enhancement. Programs that are suid root can break out of their chroot
> by cd'ing to /proc/1/root.

Programs which can run as root can break out of the chroot anyway. At least
on the current linux implementation.

Greetings
Bernd

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

Next message: Bernd Eckenfels: "Re: Capabilities done right [diff against 2.3.1]"
Previous message: Bernd Eckenfels: "Re: Capabilities done right [diff against 2.3.1]"