Re: Chroot bug

From: Miloslav Semler
Date: Wed Sep 26 2007 - 07:35:10 EST

Next message: Jeff Garzik: "Re: [PATCH] ahci: enable GHC.AE bit before set GHC.HR"
Previous message: Alan Cox: "Re: sys_chroot+sys_fchdir Fix"
In reply to: Alan Cox: "Re: Chroot bug"
Next in thread: Alan Cox: "Re: Chroot bug"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Alan Cox napsal(a):

but many program use this as security feature. So do you think that bind may use vserver?

It would be a lot stronger if it did. A bind running non-root will be
probably safe. A bind running as root can be attacked and break out of a
chroot trivially. I guess it depends how you run bind.

but not bind with selinux. It can chroot, but not does other things. So there is an question: Why we do not fix it. Tell me please some other reason than "you can workaround chroot other ways".

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Jeff Garzik: "Re: [PATCH] ahci: enable GHC.AE bit before set GHC.HR"
Previous message: Alan Cox: "Re: sys_chroot+sys_fchdir Fix"
In reply to: Alan Cox: "Re: Chroot bug"
Next in thread: Alan Cox: "Re: Chroot bug"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]