On 5/13/26 10:32 AM, Emmanuel Dreyfus wrote:
> On Wed, May 13, 2026 at 09:17:51AM +0100, Joe Orton wrote:
>> IIRC chroot jails are relatively easy to escape?
>
> They are if you are root: you can create a device and remount the root
> inside the chroot. A non-privilegied user cannot do that, but we could
> imagine an attacker tricking the root privilegied httpd parent(*) process
> into doing the dirty work.
>
> The point here may be so specify what the child can cause the parent
> process to do. Anything not specified is a security violation.
>
> (*) Is it called master? Or parent? Perhaps the document should
> define the approriate term.
I would say it is the parent process.
Regards
RĂ¼diger
