in reply to Re: Re: exiting a chroot environment
in thread exiting a chroot environment
I wouldn't be as quick to declare that this is a Linux failing point. There are no guarantees made by any system that chroot() will ensure that exploits are not possible. chroot() is a UNIX hack to redefine /, and this is where its claim ends. If one truly wants a box to contain a user, one should consider using a virtual machine of some sort.
It isn't that 'other systems are sane', but rather, 'other systems implement chroot() as a more elaborate hack.' The cost, of course, is performance, and code complexity. Is Linux wrong for not choosing this path? I don't believe so. I believe it is wrong for people to assume that silver bullets to their security problems exist... :-)
Replies are listed 'Best First'.
Re: Re: Re: Re: exiting a chroot environment
by sgifford (Prior) on Jul 08, 2003 at 03:03 UTC
by MarkM (Curate) on Jul 09, 2003 at 01:47 UTC
by sgifford (Prior) on Jul 09, 2003 at 05:09 UTC
Re: Re: Re: Re: exiting a chroot environment
by sauoq (Abbot) on Jul 08, 2003 at 03:51 UTC
by MarkM (Curate) on Jul 09, 2003 at 01:41 UTC
by sauoq (Abbot) on Jul 09, 2003 at 01:55 UTC
by MarkM (Curate) on Jul 09, 2003 at 01:59 UTC
by sauoq (Abbot) on Jul 09, 2003 at 02:10 UTC