Re: Chroot breach in 2.1.100+

Marc Slemko (marcs@go2net.com)
Mon, 21 Sep 1998 11:24:10 -0700 (PDT)


On Mon, 21 Sep 1998, David Lang wrote:

> Assuming that you are smart enough to not give a process in a chroot box a
> file handle outside that box when you start it, is it still trivial to
> break out (as root) or is it now much more difficult?

No, as people have said over and over, it is trivial.

You are missing the point below: you don't have to give the process a file
handle outside the chroot()ed area; they can make one by rechrooting.

>
> Along the same lines, is it possible to chroot in a way that also changes
> the uid that the chrooted process is running under?

You can execute whatever code you want, sure.
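
Added example, not part of the original message or of any project's code: one way a launcher can combine chroot() with a permanent uid change, so that the jailed code no longer runs as root and cannot call chroot() again. The names `jail_and_drop` and `jail_in_child` and the return codes are hypothetical; the calls are the standard Linux/glibc ones.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE            /* exposes chroot() and setgroups() on glibc */
#endif
#include <grp.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

enum jail_rc { JAIL_OK, JAIL_ERR_ARGS, JAIL_ERR_CHROOT, JAIL_ERR_CHDIR,
               JAIL_ERR_GROUPS, JAIL_ERR_DROP, JAIL_ERR_STILL_ROOT };

/* Hypothetical helper: confine the caller to `dir`, then switch to uid/gid. */
enum jail_rc jail_and_drop(const char *dir, uid_t uid, gid_t gid)
{
    /* A jailed process that keeps uid 0 can simply chroot() again. */
    if (dir == NULL || dir[0] != '/' || uid == 0 || gid == 0)
        return JAIL_ERR_ARGS;
    if (chroot(dir) != 0)
        return JAIL_ERR_CHROOT;
    /* Without this, the working directory is still a handle outside the jail. */
    if (chdir("/") != 0)
        return JAIL_ERR_CHDIR;
    /* Order matters: supplementary groups first, then gid, and uid last. */
    if (setgroups(0, NULL) != 0)
        return JAIL_ERR_GROUPS;
    if (setgid(gid) != 0 || setuid(uid) != 0)
        return JAIL_ERR_DROP;
    /* setuid() from root replaces real, effective and saved ids; verify it. */
    if (setuid(0) == 0 || seteuid(0) == 0 || getuid() != uid || geteuid() != uid)
        return JAIL_ERR_STILL_ROOT;
    return JAIL_OK;
}

/* Run jail_and_drop() in a child so the caller's own state is untouched. */
int jail_in_child(const char *dir, uid_t uid, gid_t gid)
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0)
        _exit(jail_and_drop(dir, uid, gid));
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}
```

Descriptors opened before the call stay open across chroot(), so a launcher would also close any that refer to directories outside `dir` before running the jailed code.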
