Re: chroot

To: Christian Jaeger <christian.jaeger@sl.ethz.ch>
Cc: Peter Cordes <peter@llama.nslug.ns.ca>, debian-security@lists.debian.org
Subject: Re: chroot
From: Alan Shutko <ats@acm.org>
Date: Thu, 04 Oct 2001 22:56:36 -0400
Message-id: <87adz6x09n.fsf@wesley.springies.com>
In-reply-to: <p04320401b7e2c64c6cca@[192.168.1.2]>
References: <20010924032741.B15557@dat.etsit.upm.es> <200110010803.BAA27119@blars.org> <20011003210548.O5215@llama.nslug.ns.ca> <p04320401b7e2c64c6cca@[192.168.1.2]>

Christian Jaeger <christian.jaeger@sl.ethz.ch> writes:

> I think another one is creating a [k]mem device (haven't tried
> it). Afaik, LIDS people had to introduce/implement a new capability to
> block direct memory access, which implies that on a normal kernel you
> can't prevent root from escaping chroot.

And there's the way out mentioned in the chroot(2) manpage.

-- 
Alan Shutko <ats@acm.org> - In a variety of flavors!
I have not yet begun to byte!

Reply to:

References:
- chroot (was Re: Need Help with the Debian Securing Manual (contributions accepted))
  - From: Blars Blarson <blarson@blars.org>
- Re: chroot
  - From: Peter Cordes <peter@llama.nslug.ns.ca>
- Re: chroot
  - From: Christian Jaeger <christian.jaeger@sl.ethz.ch>

Prev by Date: Re: other chroot things
Next by Date: Re: other chroot things
Previous by thread: Re: chroot
Next by thread: Re: chroot
Index(es):
- Date
- Thread