Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Thu, 16 Nov 2000 18:26:34 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Thu, 16 Nov 2000 18:26:25 -0500 Received: from p3EE3C857.dip.t-dialin.net ([62.227.200.87]:15883 "HELO emma1.emma.line.org") by vger.kernel.org with SMTP id ; Thu, 16 Nov 2000 18:26:18 -0500 Date: Thu, 16 Nov 2000 23:56:15 +0100 From: Matthias Andree To: linux-kernel@vger.kernel.org Subject: Re: Linux 2.2.18pre21 Message-ID: <20001116235615.B20283@emma1.emma.line.org> Mail-Followup-To: linux-kernel@vger.kernel.org In-Reply-To: <20001116150704.A883@emma1.emma.line.org> <20001116171618.A25545@athlon.random> <20001116115249.A8115@wirex.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20001116115249.A8115@wirex.com>; from jesse@wirex.com on Thu, Nov 16, 2000 at 11:52:49 -0800 Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org On Thu, 16 Nov 2000, jesse wrote: > But the problem is because you can call chroot when you're already chrooted. It's a non-problem. chroot()ing again may also be used to de-escalate privileges, and if you want to prevent breaking out of a chroot, drop root privileges, since chroot is a privileged call. And DO USE setuid, not seteuid or something (otherwise the saved set-uid will bite you). -- Matthias Andree - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org Please read the FAQ at http://www.tux.org/lkml/