Alan Cox wrote:
> > It's simply not good enough to close all directory file descriptors before chrooting.
> >
> > If calling chroot once you're already in a chroot jail was disallowed, it would stop
> > this attack.
> I think the problem here is that some people have the idea that
> chroot is some kind of magical security device. Thats not true at
> all. You can build an environment like that if you wish by closing
> other directory handles and having no suitably priviledged code in
> the chroot area and stuff.
I read about the BSD Jail stuff a while ago.
It's a nice "operating system class lab project". Estimated time
needed: 40 hours.
This IS the magical security device.
Roger.
-- ** R.E.Wolff@BitWizard.nl ** http://www.BitWizard.nl/ ** +31-15-2137555 ** *-- BitWizard writes Linux device drivers for any device you may have! --* * Common sense is the collection of * ****** prejudices acquired by age eighteen. -- Albert Einstein ******** - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Thu Nov 23 2000 - 21:00:15 EST