Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Sun, 20 Oct 2002 10:43:28 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Sun, 20 Oct 2002 10:43:28 -0400 Received: from cs.columbia.edu ([128.59.16.20]:59294 "EHLO cs.columbia.edu") by vger.kernel.org with ESMTP id ; Sun, 20 Oct 2002 10:43:28 -0400 Subject: Re: can chroot be made safe for non-root? From: Shaya Potter To: Bernd Eckenfels Cc: linux-kernel@vger.kernel.org In-Reply-To: References: Content-Type: text/plain Organization: Message-Id: <1035125354.2172.5.camel@zaphod> Mime-Version: 1.0 X-Mailer: Ximian Evolution 1.1.2 (Preview Release) Date: 20 Oct 2002 10:49:14 -0400 Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 973 Lines: 21 On Sun, 2002-10-20 at 06:40, Bernd Eckenfels wrote: > In article <200210191942.g9JJg2U26376@marc2.theaimsgroup.com> you wrote: > > IIRC, FreeBSD allow a chroot'ed process to chroot again if and only if > > the > > new root is a subdirectory of the initial chroot. This allows things > > like > > traditional, chrooting anonymous FTP to be run under an initial chroot. > > well, you can only changeroot in a subdir anyway, so this is not the point > that freebsd is allowing a chroot in a chroot. As far as I know they simply > solved the break out issue. didn't see the mail this is in response to, but are you talking about FreeBSD's jail() syscall? or are you talking about chroot() actually being able to nest? - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/