Date: Wed, 16 Oct 2002 01:51:06 -0400
From: Eric Buddington
To: linux-kernel@vger.kernel.org
Subject: can chroot be made safe for non-root?
Message-ID: <20021016015106.E30836@ma-northadams1b-3.bur.adelphia.net>
Reply-To: ebuddington@wesleyan.edu

I am eager to be able to sandbox my processes on a system without the
help of suid-root programs (as I prefer to have none of these on my
system).

Would it be reasonable to allow non-root processes to chroot(), if the
chroot syscall also changed the cwd for non-root processes?

Is there a reason besides standards compliance that chroot() does not
already change directory to the chroot'd directory for root processes?
Would it actually break existing apps if it did change the directory?

-Eric (who wishes there were better ways to run untrusted code)