Re: bind9-chroot (was: questions on ITP)

To: Peter Palfrader <weasel@debian.org>
Cc: debian-devel@lists.debian.org
Subject: Re: bind9-chroot (was: questions on ITP)
From: Alan Shutko <ats@acm.org>
Date: Wed, 26 Sep 2001 17:11:08 -0400
Message-id: <[🔎] 87adzhd5eb.fsf@wesley.springies.com>
In-reply-to: <[🔎] 20010926213550.A29845@marvin.palfrader.org>
References: <[🔎] 20010926095644.R27861@salem.getuid.de> <[🔎] 20010926120833.A25979@marvin.palfrader.org> <[🔎] 20010926211133.A688@wonderland.linux.it> <[🔎] 20010926213550.A29845@marvin.palfrader.org>

Peter Palfrader <weasel@debian.org> writes:

> AFAIK mount -o ro --bind /etc/ foo/etc does not mount readonly. So
> there would be write access to the root partition in the chroot.

If they are not writable by the user of the chroot process, that isn't
a problem.  If the attacker gets root, the user can break the chroot.

-- 
Alan Shutko <ats@acm.org> - In a variety of flavors!
Anyone stupid enough to be caught by the police is probably guilty.

Reply to:

References:
- Re: bind9-chroot (was: questions on ITP)
  - From: Christian Kurz <shorty@debian.org>
- Re: bind9-chroot (was: questions on ITP)
  - From: Peter Palfrader <weasel@debian.org>
- Re: bind9-chroot (was: questions on ITP)
  - From: Marco d'Itri <md@Linux.IT>
- Re: bind9-chroot (was: questions on ITP)
  - From: Peter Palfrader <weasel@debian.org>

Prev by Date: Re: new packages: divx4linux and transcode
Next by Date: Re: lintian releases
Previous by thread: Re: bind9-chroot (was: questions on ITP)
Next by thread: Re: bind9-chroot (was: questions on ITP)
Index(es):
- Date
- Thread