Re: Chroot bug

From: Alan Cox
Date: Wed Sep 26 2007 - 06:43:50 EST

Next message: Olivier Galibert: "Re: Chroot bug"
Previous message: Maxim Uvarov: "[PATCH] Since we have counters in __u64 format we have to print themwith %llu macros."
In reply to: David Newall: "Re: Chroot bug"
Next in thread: David Newall: "Re: Chroot bug"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> > The dot-dot entry in the root directory is interpreted to mean the
> > root directory itself. Thus, dot-dot cannot be used to access files
> > outside the subtree rooted at the root directory.

Which is behaviour chroot preserves properly.

The specification says explicitly

"The process working directory is unaffected by chroot()."

chroot is not and never has been a security tool. People have built
things based upon the properties of chroot but extended (BSD jails, Linux
vserver) but they are quite different.

You could probably write yourself an LSM module to do this too

Alan
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Olivier Galibert: "Re: Chroot bug"
Previous message: Maxim Uvarov: "[PATCH] Since we have counters in __u64 format we have to print themwith %llu macros."
In reply to: David Newall: "Re: Chroot bug"
Next in thread: David Newall: "Re: Chroot bug"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]