Re: [PATCH] User chroot

From: David Wagner
Date: Tue Jun 26 2001 - 19:48:14 EST

H. Peter Anvin wrote:
>By author: Jorgen Cederlof
>> If we only allow user chroots for processes that have never been
>> chrooted before, and if the suid/sgid bits won't have any effect under
>> the new root, it should be perfectly safe to allow any user to chroot.
>Safe, perhaps, but also completely useless: there is no way the user
>can set up a functional environment inside the chroot.

Why is it useless? It sounds useful to me, on first glance. If I want
to run a user-level network daemon I don't trust (for instance, fingerd),
isolating it in a chroot area sounds pretty nice: If there is a buffer
overrun in the daemon, you can get some protection [*] against the rest
of your system being trashed. Am I missing something obvious?

[*] Yes, I know chroot is not sufficient on its own to completely
    protect against this, but it is a useful part of the puzzle, and
    there are other things we can do to deal with the remaining holes.
