Re: can chroot be made safe for non-root?

From: David Wagner (
Date: Wed Oct 16 2002 - 16:14:43 EST

Eric Buddington wrote:
>Would it be reasonable to allow non-root processes to chroot(), if the
>chroot syscall also changed the cwd for non-root processes?

It might be reasonable. It is a little bit tricky, as if you're not
careful, this can open up security holes. However, one course project
in a class I taught two years ago proposed a way to safely allow non-root
processes to use chroot(). Look here:

You might also be interested in the LSM project; in sandboxes like
SubDomain, Janus, SELinux, systrace, and the like; in privilege separation;
in OpenBSD's jail(); and similar topics.

>(who wishes there were better ways to run untrusted code)

Me, too.
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to
More majordomo info at
Please read the FAQ at

This archive was generated by hypermail 2b29 : Wed Oct 23 2002 - 22:00:30 EST