Re: can chroot be made safe for non-root?

From: Eric Buddington (
Date: Sat Oct 19 2002 - 12:44:45 EST

On Tue, Oct 15, 2002 at 11:44:32PM -0700, Philippe Troin wrote:
> > Would it be reasonable to allow non-root processes to chroot(), if the
> > chroot syscall also changed the cwd for non-root processes?
> No.
> fd = open("/", O_RDONLY);
> chroot("/tmp");
> fchdir(fd);
> and you're out of the chroot.

I see. From my aesthetic, it would make sense for chroots to 'stack',
such that once a directory is made the root directory, its '..' entry
*always* points to itself, even after another chroot(). That would
prevent the above break (you could be outside the new root, but you
still couldn't back out past the old root), though perhaps at an
unacceptable in complexity.

I do like the idea of preventing multiple chroots, as a second option.

Thanks to everyone for all the useful comments.

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to
More majordomo info at
Please read the FAQ at

This archive was generated by hypermail 2b29 : Wed Oct 23 2002 - 22:00:47 EST