Re: [PATCH] User chroot

From: H. Peter Anvin (
Date: Tue Jun 26 2001 - 19:45:15 EST

Followup to: <>
By author: Paul Menage <>
In newsgroup:
> It could potentially be useful for a network daemon (e.g. a simplified
> anonymous FTP server) that wanted to be absolutely sure that neither it
> nor any of its libraries were being tricked into following a bogus
> symlink, or a "/../" in a passed filename. After initialisation, the
> daemon could chroot() into its data directory, and safely only serve
> the set of files within that directory hierarchy.
> This could be regarded as the wrong way to solve such a problem, but
> this kind of bug seems to be occurring often enough on BugTraq that it
> might be useful if you don't have the resources to do a full security
> audit on your program (or if the source to some of your libraries
> isn't available).

If the source to some of your libraries aren't available, you have no
clue when/why/if they will try to access other files in the
filesystem. Since libc WILL do this, a random chroot() breaks libc
(unless you can set up a proper root environment), and therefore
pretty much anything else is pointless.


<> at work, <> in private!
"Unix gives you enough rope to shoot yourself in the foot."
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to
More majordomo info at
Please read the FAQ at

This archive was generated by hypermail 2b29 : Sat Jun 30 2001 - 21:00:15 EST