On Wed, 26 Nov 2003, Jacques Gelinas wrote:
> On Wed, 26 Nov 2003 02:55:02 -0500, Enrico Scholz wrote
>
> > Please note that the current 'chmod 000' hack is not affected by these
> > attacks since it is a fixed barrier which cannot be bypassed.
> >
> > Therefore, it will not make sense to hope for a
On Wed, 26 Nov 2003 02:55:02 -0500, Enrico Scholz wrote
> Please note that the current 'chmod 000' hack is not affected by these
> attacks since it is a fixed barrier which cannot be bypassed.
>
> Therefore, it will not make sense to hope for a magic chrootsafe() syscall
> for vservers. Alternative approaches like CLONE_NEWNS in combination with
> pivot_root() or 'mount --rbind /' (suggested by Rik van Riel) must
> be investigated to find better methods.
>
I say Rik and Herber - vserver
Hello,

on IRC two days ago we had a discussion about a secure chroot()
implementation. To make it short: no such thing exists.

The details: the problem with the current chroot(2) is that this syscall is
not stackable -- on every new chroot(2) invocation the dead zone will be
set to a new value a