Re: can chroot be made safe for non-root?

From: Philippe Troin (
Date: Wed Oct 16 2002 - 01:44:32 EST

Eric Buddington <> writes:

> I am eager to be able to sandbox my processes on a system without the
> help of suid-root programs (as I prefer to have none of these on my
> system).

Probably an impossible task...

> Would it be reasonable to allow non-root processes to chroot(), if the
> chroot syscall also changed the cwd for non-root processes?


  fd = open("/", O_RDONLY);

and you're out of the chroot.

> Is there a reason besides standards compliance that chroot() does not
> already change directory to the chroot'd directory for root processes?
> Would it actually break existing apps if it did change the directory?

Probably not. Make that: change the directory to chroot'd directory if
the current working directory is outside the chroot. That is, leave
the cwd alone if it is already inside the chroot.

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to
More majordomo info at
Please read the FAQ at

This archive was generated by hypermail 2b29 : Wed Oct 23 2002 - 22:00:26 EST