Take a look at the GR Security patch. It has a whole bunch of chroot
restrictions, and might just do exactly what you want.
http://www.grsecurity.net
Vance
On Fri, 2002-07-05 at 06:50, Shaya Potter wrote:
> I'm trying to develop a way to ensure that one can't break out of a
> chroot() jail, even as root. I'm willing to change the way the syscalls
> work (most likely only for a subset of processes, i.e. processes that
> are run in the jail end up getting a marker which is passed down to all
> their children that causes the syscalls to behave differently).
>
> What should I be aware of? I figure devices (no need to run mknod in
> this jail) and chroot (as per man page), is there any other way of
> breaking the chroot jail (at a syscall level or otherwise)?
>
> or is this 100% impossible?
>
> thanks,
>
> shaya
-- ------------------------------------------------------------ Vance Lankhaar vance@pcsscreston.ca PCSS Yearbook yearbook@pcsscreston.ca PCSS Computers sysadmins@pcsscreston.ca http://www.crestonbc.com/pcss/ http://www.pcsscreston.ca ------------------------------------------------------------ - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Sun Jul 07 2002 - 22:00:15 EST