Re: Different roots for each process possible?
> It seems I wasn't clear enough.
I think I understand you, but it seems that I was not clear enough about
how the Hurd works.
> Now, the prisoner doesn't have any references to the outside of the
> prison, you made sure of that (I'm ignoring some other potential
> problems like other processes that the prisoner might attach a
> debugger to). But watch him breaking out using only another chroot...
>
> $ mkdir foo
> $ chroot foo # Shrink the prison, without changing the cwd.
> $ cat ../file # Now our cwd is outside the prison! Use it.
> Freedom
This does not work on the Hurd. After that chroot, the current working
directory still behaves just as it did before the chroot--that is, ".." is
still redirected back to "." ("/the/prison"). If you like, there is a new
"prison" created whenever you do a chroot call (prisons within prisons).
This is actually done by the file_parent RPC, which creates what in our
source code we call a "shadow tree" stemming from the "shadow root" that is
what file_parent returns (and becomes the process's root directory port).
> So on unix, you have to do
>
> $ chroot /the/prison
> $ cd /
> $ su some-non-root-user prisoner
>
> and rely on non-root users not having enough privileges to use chroot.
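The two ".." behaviours contrasted in this message, as a small path-resolution model added here; it is not part of the original mail and is not Hurd source code. `Port`, `Proc`, `per_port` and `demo` are hypothetical names, and only relative lookups are modelled.

```python
from dataclasses import dataclass
from pathlib import PurePosixPath as P

@dataclass(frozen=True)
class Port:
    path: P          # directory this port refers to
    shadow_root: P   # where ".." stops for lookups made through this port

def walk(start: Port, rel: str) -> Port:
    """Resolve a relative path; ".." never climbs above start.shadow_root."""
    path = start.path
    for part in P(rel).parts:
        if part == "..":
            if path != start.shadow_root:
                path = path.parent
        elif part != ".":
            path = path / part
    return Port(path, start.shadow_root)

class Proc:
    def __init__(self, prison: str, per_port: bool):
        self.per_port = per_port
        self.root = self.cwd = Port(P(prison), P(prison))

    def lookup(self, rel: str) -> P:
        # Unix model: one clamp per process, the current root directory.
        # Hurd model: the clamp travels with the cwd port (its shadow root).
        clamp = self.cwd.shadow_root if self.per_port else self.root.path
        return walk(Port(self.cwd.path, clamp), rel).path

    def chroot(self, rel: str) -> None:
        new = self.lookup(rel)
        self.root = Port(new, new)   # cwd is left untouched, as in the mail

    def cd_root(self) -> None:
        self.cwd = self.root         # the "cd /" step of the Unix recipe

def demo(per_port: bool, cd_after: bool = False) -> str:
    p = Proc("/the/prison", per_port)
    p.chroot("foo")
    if cd_after:
        p.cd_root()
    return str(p.lookup("../file"))

if __name__ == "__main__":
    print("unix, chroot only :", demo(False))
    print("unix, chroot; cd /:", demo(False, True))
    print("hurd model        :", demo(True))
```

In the Unix model the lookup leaves `/the/prison` unless `cd /` follows the chroot; in the per-port model it stays inside the original prison either way.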