Re: Chroot bug
From: Adrian Bunk
Date: Tue Sep 25 2007 - 20:57:39 EST
On Wed, Sep 26, 2007 at 09:20:54AM +0930, David Newall wrote:
> Alan Cox wrote:
>> On Wed, 26 Sep 2007 01:05:07 +0930
>> David Newall <david@xxxxxxxxxxxxxxx> wrote:
>>> Alan Cox wrote:
>>>>> Marek's loading dynamic libraries, it seems clear that the prime
>>>>> purpose of chroot is to aid security. Being able to cd your way out is
>>>> Does it - I can't find any evidence for that.
>>> It seems self-evident to me. What do you think is it prime purpose?
>> Debugging and testing. At least that is as I understand it much of where
>> it came from.
> Good call. Though I suppose, since it's used 24x7 to aid security on
> countless production servers, that security dwarfs testing. Still,
> debugging, yes that's valid.
Incompetent people implementing security solutions are a real problem.
> I don't suppose it makes and difference; whatever the purpose, a chroot
> that doesn't change the root is buggy.
It does change the root.
But it does not limit what the root user can do after the root was
"Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
"Only a promise," Lao Er said.
Pearl S. Buck - Dragon Seed
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/