Re: chroot

To: Alan Shutko <ats@acm.org>
Cc: debian-security@lists.debian.org
Subject: Re: chroot
From: Christian Jaeger <christian.jaeger@sl.ethz.ch>
Date: Mon, 8 Oct 2001 04:38:05 +0100
Message-id: <p04320400b7e6cb7f58d0@[192.168.1.2]>
In-reply-to: <87y9mn9k8c.fsf@wesley.springies.com>
References: <20010924032741.B15557@dat.etsit.upm.es> <200110010803.BAA27119@blars.org> <20011003210548.O5215@llama.nslug.ns.ca> <p04320401b7e2c64c6cca@[192.168.1.2]> <87adz6x09n.fsf@wesley.springies.com> <p04320401b7e63aaa6f0f@[192.168.1.2]> <87y9mnb9xf.fsf@wesley.springies.com> <20011007203050.79a3c03d.christian.jaeger@sl.ethz.ch> <20011007210233.3ad7ec58.christian.jaeger@sl.ethz.ch> <877ku7azdh.fsf@wesley.springies.com> <87y9mn9k8c.fsf@wesley.springies.com>

Ok, I see, seems like the kernel(s) should forbid to use the chrootsyscall again if a process has already a changed root. :-) Or bettermaybe introduce a chroot capability? Hmmm.. there IS a chrootcapability in linux2.4 as listed in include/linux/capability.h! So itseems at least under linux you could plug that hole.


Christian.

Reply to:

References:
- chroot (was Re: Need Help with the Debian Securing Manual (contributions accepted))
  - From: Blars Blarson <blarson@blars.org>
- Re: chroot
  - From: Peter Cordes <peter@llama.nslug.ns.ca>
- Re: chroot
  - From: Christian Jaeger <christian.jaeger@sl.ethz.ch>
- Re: chroot
  - From: Alan Shutko <ats@acm.org>
- Re: chroot
  - From: Christian Jaeger <christian.jaeger@sl.ethz.ch>
- Re: chroot
  - From: Alan Shutko <ats@acm.org>
- Re: chroot
  - From: Alan Shutko <ats@acm.org>

Prev by Date: Re: URGENT RESPONSE!
Next by Date: re:IPTABLES SOS
Previous by thread: Re: chroot
Next by thread: Printer security (was Re: Need Help with the Debian Securing Manual (contributions accepted))
Index(es):
- Date
- Thread