| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 20 Mar 2013 10:16:03 -0500 From: Rob Landley <rob@...dley.net> To: Tal Tchwella <tal.tchwella@...il.com> Cc: linux-kernel@...r.kernel.org, tchwella@....edu Subject: Re: [PATCH 0/3] Patches to enable chroot for all users On 03/20/2013 07:53:42 AM, Tal Tchwella wrote: > I want to suggest adding chroot capability to all users. I note that chroot doesn't quite do what most people think it does: http://landley.net/notes-2011.html#02-06-2011 I've had a todo item forever to modify chroot to actually change the process-local mount tree, creating a bind mount if necessary for the new directory, reparenting the mount tree to that bind mount, and making sure that reference counting can free unused mounts that this would discard. (Except rootfs always needs a nonzero reference count.) The problem isn't adding security checks, the problem is that having a "/" symlink point somewhere _other_ than the actual top of the process-local mount tree is obsolete now that there isn't a single global mount tree for all processes. (Yes, this would mean it might need to create a new namespace.) Rob-- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists