Re: [PATCH v4 1/1] fs: Allow no_new_privs tasks to call chroot(2)

2021-03-16 Thread Mickaël Salaün
On 16/03/2021 20:31, Jann Horn wrote:
> On Tue, Mar 16, 2021 at 8:26 PM Mickaël Salaün wrote:
>> On 16/03/2021 20:04, Jann Horn wrote:
>>> On Tue, Mar 16, 2021 at 6:02 PM Mickaël Salaün wrote:
>>>> One could argue that chroot(2) is useless without a properly populated root hierarchy (i.e.

Re: [PATCH v4 1/1] fs: Allow no_new_privs tasks to call chroot(2)

2021-03-16 Thread Jann Horn
On Tue, Mar 16, 2021 at 8:26 PM Mickaël Salaün wrote:
> On 16/03/2021 20:04, Jann Horn wrote:
> > On Tue, Mar 16, 2021 at 6:02 PM Mickaël Salaün wrote:
> >> One could argue that chroot(2) is useless without a properly populated
> >> root hierarchy (i.e. without /dev and /proc). However, there

Re: [PATCH v4 1/1] fs: Allow no_new_privs tasks to call chroot(2)

2021-03-16 Thread Mickaël Salaün
On 16/03/2021 20:04, Jann Horn wrote:
> On Tue, Mar 16, 2021 at 6:02 PM Mickaël Salaün wrote:
>> One could argue that chroot(2) is useless without a properly populated
>> root hierarchy (i.e. without /dev and /proc). However, there are
>> multiple use cases that don't require the chrooting

Re: [PATCH v4 1/1] fs: Allow no_new_privs tasks to call chroot(2)

2021-03-16 Thread Mickaël Salaün
On 16/03/2021 20:24, Kees Cook wrote:
> On Tue, Mar 16, 2021 at 08:04:09PM +0100, Jann Horn wrote:
>> On Tue, Mar 16, 2021 at 6:02 PM Mickaël Salaün wrote:
>>> One could argue that chroot(2) is useless without a properly populated
>>> root hierarchy (i.e. without /dev and /proc). However,

Re: [PATCH v4 1/1] fs: Allow no_new_privs tasks to call chroot(2)

2021-03-16 Thread Kees Cook
On Tue, Mar 16, 2021 at 08:04:09PM +0100, Jann Horn wrote:
> On Tue, Mar 16, 2021 at 6:02 PM Mickaël Salaün wrote:
> > One could argue that chroot(2) is useless without a properly populated
> > root hierarchy (i.e. without /dev and /proc). However, there are
> > multiple use cases that don't

Re: [PATCH v4 1/1] fs: Allow no_new_privs tasks to call chroot(2)

2021-03-16 Thread Jann Horn
On Tue, Mar 16, 2021 at 6:02 PM Mickaël Salaün wrote:
> One could argue that chroot(2) is useless without a properly populated
> root hierarchy (i.e. without /dev and /proc). However, there are
> multiple use cases that don't require the chrooting process to create
> file hierarchies with

Re: [PATCH v4 1/1] fs: Allow no_new_privs tasks to call chroot(2)

2021-03-16 Thread Kees Cook
On Tue, Mar 16, 2021 at 06:01:35PM +0100, Mickaël Salaün wrote:
> From: Mickaël Salaün
>
> Being able to easily change root directories enables to ease some
> development workflow and can be used as a tool to strengthen
> unprivileged security sandboxes. chroot(2) is not an access-control
>

[PATCH v4 1/1] fs: Allow no_new_privs tasks to call chroot(2)

2021-03-16 Thread Mickaël Salaün
From: Mickaël Salaün

Being able to easily change root directories enables to ease some development workflow and can be used as a tool to strengthen unprivileged security sandboxes. chroot(2) is not an access-control mechanism per se, but it can be used to limit the absolute view of the