Re: chroot(2) and bind mounts as non-root
From: Alan Cox
Date: Wed Dec 07 2011 - 15:56:14 EST
On Wed, 07 Dec 2011 12:34:28 -0800
"H. Peter Anvin" <hpa@xxxxxxxxx> wrote:
> On 12/07/2011 09:54 AM, Colin Walters wrote:
> >
> > The historical reason one can't call chroot(2) as non-root is because of
> > setuid binaries (hard link a setuid binary into chroot of your choice
> > with trojaned libc.so).
>
> No. The historical reason is that it lets anyone escape a chroot jail:
Beg to differ
Nobody ever considered chroot a jail except a certain brand of
urban-legend-programming people. Indeed chroot has never been a jail
except in the 'open prison' security sense of it.
The big problem with chroot was abusing setuid binaries - particularly
things like uucp and /bin/mail.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/