Kyle Moffett wrote:
> David, please do tell myself and Adrian how "locking down" chroot() the way you want will avoid letting root break out through any of the above ways?
As has been said, there are thousands of ways to break out of a chroot. It's just that one of them should not be that chroot lets you walk out. I can't explain it clearer than that. If you don't see it now you probably never will.