> Hi all,
>
> Here's a patch which prevents chrooted processes from escaping from
> their chrooted area via /proc.
Hi,
I'm not sure I agree with this approach -- perhaps root processes should
not be allowed to use the mount() syscall if root_dir != real_root. The
other main source of nastiness is ptrace() -- this needs to be banned in a
similar manner. There are other ways root could escape a chroot()
jail; we need to think about them and eliminate them one by one.
Chris