Re: pkgsel
On Sat, 27 Nov 1999, Jason Gunthorpe wrote:
>
> On Fri, 26 Nov 1999, Brandon Mitchell wrote:
>
> > And before you get the silly idea that chroot is secure, there is also
> > "chroot /proc/1/root".
>
> Does that seriously work?? Do the kernel people know? Gah - that sucks!

It's been around a long, long time. Someone mentioned it years ago when I
asked about making a secure chrooted area that someone could have root in
without messing up my system. Of course you can disable proc, but then
there is the whole /dev directory, think /dev/hda. I'm sure there are
ways to make it secure, but you can't have anywhere near a fully
functional Linux install too. I suppose hardware set in a read only mode
can eliminate some of the possible damage. If on the other hand they
aren't root, then there are no worries. You can't see /proc/1/root. You
can't create setuid binaries. So now you make a secure install and have
the file system privacy you normally get with separate machines.
Brandon
Brandon Mitchell * http://public.surfree.com/bmitch
bmitch@surfree.com * ICQ: 30631197
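
Added example, not part of the original message: a small audit of a chroot tree for the three exposures named in the thread (a proc mount inside the tree, block device nodes such as /dev/hda, and setuid binaries). The function names and the report labels are hypothetical; the mount table is read from `/proc/self/mounts` unless another file is given.

```python
import os
import stat
import sys


def proc_mounts_under(root, mounts_text):
    """Return proc mount points at or below root, from /proc/mounts-style text."""
    root = os.path.realpath(root)
    prefix = root.rstrip("/") + "/"
    hits = []
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) >= 3 and fields[2] == "proc":
            mnt = fields[1].replace("\\040", " ")  # kernel escapes spaces
            if mnt == root or mnt.startswith(prefix):
                hits.append(mnt)
    return hits


def risky_nodes(root, skip=()):
    """List block devices and setuid regular files under root (symlinks not followed)."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(os.path.realpath(root)):
        # Do not descend into proc mounts that were already reported.
        dirnames[:] = [d for d in dirnames if os.path.join(dirpath, d) not in skip]
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                mode = os.lstat(path).st_mode
            except OSError:
                continue  # entry vanished or is unreadable; nothing to report
            if stat.S_ISBLK(mode):
                findings.append(("block-device", path))
            elif stat.S_ISREG(mode) and mode & stat.S_ISUID:
                findings.append(("setuid", path))
    return findings


def audit(root, mounts_file="/proc/self/mounts"):
    """Run both checks and return a list of (label, path) findings."""
    with open(mounts_file) as fh:
        procs = proc_mounts_under(root, fh.read())
    return [("proc-mounted", m) for m in procs] + risky_nodes(root, set(procs))


if __name__ == "__main__":
    results = audit(sys.argv[1])
    print("\n".join(f"{kind}\t{path}" for kind, path in results))
    sys.exit(1 if results else 0)
```

An empty report only means these three items were not found; it does not show that the tree is safe to hand to a root user.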