Good luck to run chroot() or mknod() as non-root! If you start putting up arbitrary limits as what one can use, one can always just say "You can't run anything". Last time I checked, people who exploit things don't care if you are allowed to do this or that.
But I congratulate you, you have found yet another way to increase security by disallowing sharing rather completely. This assumes that you can execute programs, you missed the bit about not allowing that. You are dead wrong until you prove otherwise. That is, unless you talk about the Hurd, of course. chroot() is inherently insecure by design on all platforms, get over it. And this although the subhurd is the most inflexible "solution" of them all, as it offers complete separation and no sharing at all. The sub-hurd is the _MOST_ _FLEXIBLE_ solution. What part of "a sub-hurd is a properly designed chroot" don't you get? The whole frigging point is not to share, and complete separation! If you allow sharing, and don't have it separate, you will be bound to getting someone who will poke a hole so big that a truck can drive through it. Then please let me ask you a question: What do you want to replace them with? Nothing, since I don't consider them a design flaw.

_______________________________________________
L4-hurd mailing list
[email protected]
http://lists.gnu.org/mailman/listinfo/l4-hurd
