[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: chroot wrapper? (Re: Another pbuilder run finished)

In article <[🔎] 1041527121.595.9.camel@altfrangg.fortytwo.ch> 
avbidder@fortytwo.ch writes:
>Is there any reason (beyond Unix history), why chroot is root-only? Can
>anything bad happen at all?

I think it's because of the dozens of known ways that chroot doesn't
protect a system, and the potential for many more if you look hard.
chroot wasn't designed as a security firewall.

If I'm root behind a chroot, I'm root on the system.  If I design the
chroot area, I don't even have to be root behind the chroot.
Blars Blarson			blarson@blars.org
"Text is a way we cheat time." -- Patrick Nielsen Hayden

Reply to: