Re: [PATCH v3 4/4] Allow unprivileged chroot when safe

From: Colin Walters
Date: Mon Jan 30 2012 - 18:11:10 EST

Next message: VÃctor Manuel JÃquez Leal: "[PATCH v2 0/8] staging: tidspbridge: clean up drv_interface.c"
Previous message: Danny Kukawka: "Re: [PATCH 11/16] ath5k: make ath5k_modparam_no_hw_rfkill_switch real"
In reply to: Andy Lutomirski: "Re: [PATCH v3 4/4] Allow unprivileged chroot when safe"
Next in thread: Andy Lutomirski: "Re: [PATCH v3 4/4] Allow unprivileged chroot when safe"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 2012-01-30 at 14:43 -0800, Andy Lutomirski wrote:

> You don't need a setuid binary. Just have an initscript set up the bind mounts.

The point is that dchroot is already setuid root, and calls chroot, so
it gains nothing from the ability to do it unprivileged.

(And wow, I just looked at the source, it's a setuid C++ binary! Using
boost. Ugh...)

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: VÃctor Manuel JÃquez Leal: "[PATCH v2 0/8] staging: tidspbridge: clean up drv_interface.c"
Previous message: Danny Kukawka: "Re: [PATCH 11/16] ath5k: make ath5k_modparam_no_hw_rfkill_switch real"
In reply to: Andy Lutomirski: "Re: [PATCH v3 4/4] Allow unprivileged chroot when safe"
Next in thread: Andy Lutomirski: "Re: [PATCH v3 4/4] Allow unprivileged chroot when safe"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]