Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Sat, 19 Oct 2002 15:01:40 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Sat, 19 Oct 2002 15:01:39 -0400 Received: from quechua.inka.de ([212.227.14.2]:20074 "EHLO mail.inka.de") by vger.kernel.org with ESMTP id ; Sat, 19 Oct 2002 15:01:39 -0400 From: Bernd Eckenfels To: linux-kernel@vger.kernel.org Subject: Re: can chroot be made safe for non-root? In-Reply-To: <20021019134445.B28191@ma-northadams1b-3.bur.adelphia.net> X-Newsgroups: ka.lists.linux.kernel User-Agent: tin/1.5.8-20010221 ("Blue Water") (UNIX) (Linux/2.0.39 (i686)) Message-Id: Date: Sat, 19 Oct 2002 21:07:42 +0200 Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 626 Lines: 15 In article <20021019134445.B28191@ma-northadams1b-3.bur.adelphia.net> you wrote: > I do like the idea of preventing multiple chroots, as a second option. this is not enough to allow chroot for non root. There are just too many suid programs which rely on absolute path. So if one allows chroot() for non-root users, the usage of suid/sgid must be forbidden, too. Greetings bernd - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/