http://qs321.pair.com?node_id=272534


in reply to Re: Re: Re: Re: exiting a chroot environment
in thread exiting a chroot environment

What you are talking about is practical experience, and observation. The exact details regarding chroot() do indeed vary by implementation, and therefore, cannot be safely assumed.

As opposed to me demanding you accept my mortal words, I will refer you to a URL that seems to be quite valuable with regard to this topic. Yes, the easiest exploits involve the user running as root. This should not be taken for granted. Additional precautions are necessary.

http://www.unixwiz.net/techtips/chroot-practices.html

Replies are listed 'Best First'.
Re: Re: Re: Re: Re: Re: exiting a chroot environment
by sgifford (Prior) on Jul 09, 2003 at 05:09 UTC

    I agree that the details of what happens when you have UID 0 inside a chroot environment vary from system to system. Essentially, problem is that you have an unstoppable force (root) up against an immovable object (chroot), and the results of these situations are always tricky...

    For all other UIDs, though, behavior is consistent between systems. The URL you mention agrees with this, and my experience agrees with this. As long as you code carefully, know its limits, and are not UID 0, chroot does what it says it will, and is no more of a "clever hack" than any other system call.