Gordon Matzigkeit <gord@fig.org> writes:

> I think there's a misunderstanding here. [...]

Thanks for the explanation. I thought that Roland wanted the chdir for the Unix reasons, while the Hurd reasons and effects are quite different. I'll go now and chant a thousand times: "Gnu's not Unix".

> Robbe> Moral of the story: keeping a uid=0 process in a chroot jail
> Robbe> is moderately pointless. Give it a higher uid, too.
>
> I don't think that's necessary, for the reasons above.

While the simplest route to escape a chroot is barred, I'm sure there are others still (e.g. root can still access mach devices), so I stand by that advice yet.

--
Robbe