From: Al Boldi
To: Linus Torvalds
Cc: Ram Pai, Miklos Szeredi, Al Viro, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, Rob Landley
Subject: Re: [PATCH 12/18] shared mount handling: bind and rbind
Date: Wed, 16 Nov 2005 08:35:28 +0300
Message-Id: <200511160835.28636.a1426z@gawab.com>
References: <200511152129.04079.rob@landley.net>

Linus Torvalds wrote:
> This is why we have "pivot_root()" and "chroot()", which can both be used
> to do what you want to do. You mount the new root somewhere else, and then
> you chroot (or pivot-root) to it. And THEN you do 'chdir("/")' to move the
> cwd into the new root too (and only at that point have you "lost" the old
> root - although you can actually get it back if you have some file
> descriptor open to it).

Wouldn't this constitute a security flaw?

Shouldn't chroot jail you?

--
Al
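The quoted text notes that the old root stays reachable through any file descriptor still open to it, so a program that uses chroot() as a jail has to close directory descriptors itself. The following is an added example, not code from this thread or from the kernel: the helper names `close_dir_fds` and `enter_jail`, the uid/gid 65534, and a mounted /proc are assumptions.

```c
#define _DEFAULT_SOURCE
#include <dirent.h>
#include <fcntl.h>
#include <grp.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Close every open descriptor that refers to a directory, except `keep`
 * (-1 keeps none). Returns how many were closed, or -1 if /proc is missing. */
int close_dir_fds(int keep)
{
    DIR *d = opendir("/proc/self/fd");
    if (!d)
        return -1;
    int closed = 0;
    struct dirent *e;
    while ((e = readdir(d)) != NULL) {
        struct stat st;
        int fd = atoi(e->d_name);
        if (e->d_name[0] == '.' || fd == dirfd(d) || fd == keep)
            continue;
        if (fstat(fd, &st) == 0 && S_ISDIR(st.st_mode) && close(fd) == 0)
            closed++;
    }
    closedir(d);
    return closed;
}

/* Hypothetical helper; needs root (CAP_SYS_CHROOT). Descriptors are closed
 * first because /proc is usually not mounted inside the new root. */
int enter_jail(const char *new_root, uid_t uid, gid_t gid)
{
    if (close_dir_fds(-1) < 0)
        return -1;
    /* Order from the quoted text: chroot, then chdir("/") to move the cwd. */
    if (chroot(new_root) != 0 || chdir("/") != 0)
        return -1;
    /* Assumption beyond the thread: drop root, which could chroot again. */
    if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    return 0;
}

int main(int argc, char **argv)
{
    if (argc != 2 || enter_jail(argv[1], 65534, 65534) != 0)
        return 1;
    return execl("/bin/sh", "sh", (char *)NULL);
}
```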