On Tue, 20 Aug 2002 00:28, Colin Watson wrote:
> On Mon, Aug 19, 2002 at 04:03:51PM -0400, David Z Maze wrote:
> > I think you need root privileges to actually enter the chroot jail.
> > Other than that, it does seem like it should be possible to build the
> > chroot image entirely in a fakeroot world, but I remember having tried
> > this and failing.
>
> You'd have to acquire real root privileges from inside the fakeroot,
> since the faked filesystem permissions go away as soon as that fakeroot
> process dies ...

I've always thought it would be a fun hack to take some file system code from the kernel (Ext3 or ReiserFS), compile it as user-space code with some sort of client-server interface (Unix domain sockets perhaps), and then have an LD_PRELOAD hack like fakeroot communicate with it.

The file system would run entirely in user-space writing to either a regular file or a block device, and the person who ran it would have ultimate control. If the faked says that something gets UID=0 then it does! This shouldn't be that difficult; half of the code could probably be ripped from UML.

--
I do not get viruses because I do not use MS software. If you use Outlook then please do not put my email address in your address-book so that WHEN you get a virus it won't use my address in the From field.
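
The behaviour discussed in this message, ownership that exists only in the faking process's state and never on disk, shown as an added example (not part of the original message and not fakeroot's code). The names `fake_chown`, `fake_stat`, `faked_reset`, `overlay_demo` and the file `faked_demo.tmp` are made up for illustration; real fakeroot intercepts libc calls through LD_PRELOAD and keeps this table in its separate `faked` daemon.

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>
#define MAX_FAKED 64
/* One faked owner, keyed by (device, inode); held only in process memory. */
struct faked_entry { dev_t dev; ino_t ino; uid_t uid; gid_t gid; };
static struct faked_entry faked_db[MAX_FAKED];
static int faked_count;

static struct faked_entry *faked_find(const struct stat *st) {
    for (int i = 0; i < faked_count; i++)
        if (faked_db[i].dev == st->st_dev && faked_db[i].ino == st->st_ino)
            return &faked_db[i];
    return NULL;
}
/* Record a pretend owner for path; the file on disk is never modified. */
int fake_chown(const char *path, uid_t uid, gid_t gid) {
    struct stat st;
    if (stat(path, &st) != 0) return -1;
    struct faked_entry *e = faked_find(&st);
    if (!e) { if (faked_count == MAX_FAKED) return -1; e = &faked_db[faked_count++]; }
    *e = (struct faked_entry){ st.st_dev, st.st_ino, uid, gid };
    return 0;
}
/* stat() as seen through the overlay: real metadata, faked owner on top. */
int fake_stat(const char *path, struct stat *out) {
    if (stat(path, out) != 0) return -1;
    struct faked_entry *e = faked_find(out);
    if (e) { out->st_uid = e->uid; out->st_gid = e->gid; }
    return 0;
}
/* Models the faking process exiting: every faked owner is forgotten. */
void faked_reset(void) { faked_count = 0; }
/* Returns 0 if the overlay behaves as described, else the failing step. */
int overlay_demo(void) {
    const char *path = "faked_demo.tmp";   /* constructed sample file */
    struct stat before, seen, after;
    FILE *f = fopen(path, "w");
    if (!f) return 1;
    fclose(f);
    int rc = 0;
    if (stat(path, &before) || fake_chown(path, 0, 0)) rc = 2;
    else if (fake_stat(path, &seen) || seen.st_uid != 0) rc = 3;          /* overlay: UID 0 */
    else if (stat(path, &after) || after.st_uid != before.st_uid) rc = 4; /* disk unchanged */
    else { faked_reset(); if (fake_stat(path, &seen) || seen.st_uid != before.st_uid) rc = 5; }
    remove(path);
    return rc;
}
int main(void) { int rc = overlay_demo(); printf("overlay_demo: %d\n", rc); return rc; }
```

Anything that trusts ownership reported this way, such as a packaging step, is trusting the overlay's table rather than the kernel, which is why entering a chroot still needs real privileges.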

