Re: chroot wrapper? (Re: Another pbuilder run finished)

To: debian-devel@lists.debian.org
Cc:
Subject: Re: chroot wrapper? (Re: Another pbuilder run finished)
From: Blars Blarson <blarson@blars.org>
Date: Thu, 2 Jan 2003 15:09:08 -0800
Message-id: <[🔎] 200301022309.h02N98pI015059@monkey.nat.blars.org>
In-reply-to: <[🔎] 1041527121.595.9.camel@altfrangg.fortytwo.ch>
References: <87hed1mjyd.wl@atoron.work.isl.doshisha.ac.jp.doshisha.ac.jp> <[🔎] E18U2DH-0004BC-00@mx1.toplink-plannet.de> <[🔎] 200301021127.35016.russell@coker.com.au> <[🔎] 200301022227.50650.peter@hawkins.emu.id.au> <[🔎] 200301022227.50650.peter@hawkins.emu.id.au>

In article <[🔎] 1041527121.595.9.camel@altfrangg.fortytwo.ch> 
avbidder@fortytwo.ch writes:
>Is there any reason (beyond Unix history), why chroot is root-only? Can
>anything bad happen at all?

I think it's because of the dozens of known ways that chroot doesn't
protect a system, and the potential for many more if you look hard.
chroot wasn't designed as a security firewall.

If I'm root behind a chroot, I'm root on the system.  If I design the
chroot area, I don't even have to be root behind the chroot.
-- 
Blars Blarson			blarson@blars.org
				http://www.blars.org/blars.html
"Text is a way we cheat time." -- Patrick Nielsen Hayden

Reply to:

References:
- Re: Another pbuilder run finished
  - From: Marc Haber <mh+debian-devel@zugschlus.de>
- Re: Another pbuilder run finished
  - From: Russell Coker <russell@coker.com.au>
- Re: Another pbuilder run finished
  - From: Peter Hawkins <peter@hawkins.emu.id.au>
- chroot wrapper? (Re: Another pbuilder run finished)
  - From: Adrian 'Dagurashibanipal' von Bidder <avbidder@fortytwo.ch>

Prev by Date: Re: Suggested press release in reaction to RHAT dropping sparc and alpha
Next by Date: Re: /etc/passwd doesnt contain all users
Previous by thread: Re: chroot wrapper? (Re: Another pbuilder run finished)
Next by thread: Re: chroot wrapper? (Re: Another pbuilder run finished)
Index(es):
- Date
- Thread