Joost Witteveen wrote:
> Looking at the code, it seems as though chroot_safe simply uses the
> normal chroot() call; I would think the binary running would not be
> able to see the difference between `real' chroot and chroot_safe
> (and should thus not be able to exploit bugs in chroot_safe).

I'm thinking about a binary somehow managing to run code before the
LD_PRELOAD hooks take effect, by perhaps tricking the dynamic linker, or
overflowing a buffer in chroot_safe, or the like. Unlikely, for sure.

--
see shy jo