
Re: pkgsel



On Sat, 27 Nov 1999, Jason Gunthorpe wrote:

> 
> On Fri, 26 Nov 1999, Brandon Mitchell wrote:
> 
> > And before you get the silly idea that chroot is secure, there is also
> > "chroot /proc/1/root".
> 
> Does that seriously work?? Do the kernel people know? Gah - that sucks!

It's been around a long, long time.  Someone mentioned it years ago when I
asked about making a secure chrooted area that someone could have root in
without messing up my system.  Of course you can disable proc, but then
there is the whole /dev directory, think /dev/hda.  I'm sure there are
ways to make it secure, but you can't have anywhere near a fully
functional Linux install either.  I suppose hardware set in a read only mode
can eliminate some of the possible damage.  If on the other hand they
aren't root, then there are no worries.  You can't see /proc/1/root.  You
can't create setuid binaries.  So now you make a secure install and have
the file system privacy you normally get with separate machines.

Brandon

    Brandon Mitchell  *  http://public.surfree.com/bmitch  
  bmitch@surfree.com  *  ICQ: 30631197  
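
Added example (not part of the original message): a shell audit of a chroot tree for the two routes the message names, a reachable proc/1/root and block device nodes such as /dev/hda, plus setuid files, which are checked here on the assumption that the jail's users are meant to stay non-root. The function names and the constructed sample jail are illustrative.

```shell
#!/bin/sh
# Added example: audit a chroot tree for the conditions discussed in the message.

# Print one line per finding: PROC, BLOCKDEV or SETUID followed by the path.
scan_jail() {
    root=$1
    # A procfs inside the jail exposes proc/1/root, which leads a root user
    # back to the real root filesystem.
    if [ -L "$root/proc/1/root" ] || [ -e "$root/proc/1/root" ]; then
        echo "PROC $root/proc/1/root"
    fi
    # Block device nodes (the /dev/hda case) give raw access to the disk.
    find "$root" -path "$root/proc" -prune -o -type b -print 2>/dev/null |
        sed 's/^/BLOCKDEV /'
    # Setuid files can turn a non-root jail user into root (assumption: the
    # jail is meant for non-root users only).
    find "$root" -path "$root/proc" -prune -o -type f -perm -4000 -print 2>/dev/null |
        sed 's/^/SETUID /'
    return 0
}

# Return 0 if the jail is clean, 1 (and print the findings) otherwise.
audit_chroot() {
    findings=$(scan_jail "$1")
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Constructed sample jail for a dry run. The proc entry is a plain symlink
# standing in for a mounted procfs; the helper is an empty setuid file.
make_sample_jail() {
    jail=$(mktemp -d) || return 1
    mkdir -p "$jail/bin" "$jail/proc/1"
    ln -s / "$jail/proc/1/root"
    : > "$jail/bin/helper"
    chmod 4755 "$jail/bin/helper"
    echo "$jail"
}

# Stand-alone use: sh audit.sh /path/to/jail
if [ "$#" -gt 0 ]; then
    audit_chroot "$1"
fi
```

Run it as root against the jail directory so that find can read every subtree; creating a real block device node for a test needs mknod and root, which is why the sample jail does not include one.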

