> > The dot-dot entry in the root directory is interpreted to mean the
> > root directory itself. Thus, dot-dot cannot be used to access files
> > outside the subtree rooted at the root directory.

Which is behaviour chroot preserves properly. The specification says explicitly

"The process working directory is unaffected by chroot()."

chroot is not and never has been a security tool. People have built things based upon the properties of chroot but extended (BSD jails, Linux vserver) but they are quite different.

You could probably write yourself an LSM module to do this too

Alan
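Added example, not part of the message above or of any kernel code: a self-check a daemon can run after chroot() to confirm that its working directory lies under its root, using the quoted rule that dot-dot at the root refers to the root itself. The names `cwd_is_under_root` and `same_dir` are hypothetical.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

/* Two stat results name the same directory if device and inode match. */
static int same_dir(const struct stat *a, const struct stat *b)
{
    return a->st_dev == b->st_dev && a->st_ino == b->st_ino;
}

/*
 * Hypothetical helper: returns 1 if the working directory is at or below
 * the process root, 0 if it is outside that subtree, -1 on error.
 * It walks ".", "./..", "./../.." and so on, using stat() only.
 */
int cwd_is_under_root(void)
{
    struct stat root, cur, parent;
    char path[4096] = ".";
    size_t len = 1;

    if (stat("/", &root) != 0 || stat(".", &cur) != 0)
        return -1;
    for (;;) {
        if (same_dir(&cur, &root))
            return 1;               /* reached our own root: cwd is inside */
        if (len + 4 > sizeof path)
            return -1;              /* path buffer exhausted */
        memcpy(path + len, "/..", 4);
        len += 3;
        if (stat(path, &parent) != 0)
            return -1;
        if (same_dir(&parent, &cur))
            return 0;               /* ".." is itself, yet this is not our root */
        cur = parent;
    }
}

int main(void)
{
    int r = cwd_is_under_root();
    printf("cwd under process root: %s\n",
           r == 1 ? "yes" : r == 0 ? "NO" : "error");
    return r == 1 ? 0 : 1;
}
```

The check covers only the working directory; directory descriptors that were already open before chroot() are not examined and have to be closed separately.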