The cleanest way of partially solving the problem is to make chroot also
do a chdir. That wouuld prevent this path of escape. However, root is
still root, so there's lots of other ways of escaping. The solution is
to have a controlled way of weakening root. 2.1.92 seems to have the
first cut of a capabilities system: I suspect it has some way to go
before its really useful though.
J
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu