Re: linux-user-chroot 2012.2

From: Jan Engelhardt
Date: Sun Sep 09 2012 - 17:24:40 EST

Next message: David Rientjes: "Re: [PATCH 01/10] Makefile: Add optionCONFIG_DISABLE_GCC_AUTOMATIC_INLINING"
Previous message: Mathias Krause: "Re: Linux 3.6-rc5"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Monday 2012-08-13 20:10, Andy Lutomirski wrote:
>
>One of these days, I intend to resurrect my unprivileged chroot kernel
>patches. My current thought is to add a new syscall weak_chroot,
>which should have these properties:
>[...]
>3. Can't be used to break out of chroot jail.
>
>The interface might be:
>
>weak_chroot_at(int fd, const char *path, int flags)
>[...]
>I'm somewhat tempted to add a flag to weak_chroot_at to break out of
>weak_root jail to prevent people from thinking that it's a security
>feature. I'm not sure about that, though.

An at variant of chroot would seem to be even more open than the
current name-based variant of chroot.

fd1 = open("/", O_DIRECTORY);
fd2 = open("/home/whatever", O_DIRECTORY);
weak_chroot_at(fd2, ".", 0)
weak_chroot_at(fd1, ".", 0)

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: David Rientjes: "Re: [PATCH 01/10] Makefile: Add optionCONFIG_DISABLE_GCC_AUTOMATIC_INLINING"
Previous message: Mathias Krause: "Re: Linux 3.6-rc5"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]