Re: Chroot bug

view
thread

!MAILaRCHIVE_VOTE_RePLACE

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

[view in full thread]

From: Miloslav Semler <majkls@...>

To: Alan Cox <alan@...>

Cc: <linux-kernel@...>

Subject: Re: Chroot bug

Date: Wednesday, September 26, 2007 - 7:34 am

Alan Cox napsal(a):
quoted text>> but many program use this as security feature. So do you think that bind 
>> may use vserver?
>>     
>
> It would be a lot stronger if it did. A bind running non-root will be
> probably safe. A bind running as root can be attacked and break out of a
> chroot trivially. I guess it depends how you run bind.
>   
but not bind with selinux. It can chroot, but not  does other things. So 
there is an question: Why we do not fix it. Tell me please some other 
reason than "you can workaround chroot other ways".

-
unsubscribe noticeTo unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

Re: Chroot bug, Miloslav Semler, (Wed Sep 26, 7:34 am)

Re: Chroot bug, Alan Cox, (Wed Sep 26, 10:09 am)

Navigation

Popular discussions


linux-kernel:
Ingo Molnar	[patch 12/13] syslets: x86: optimized copy_uatom()
Greg Kroah-Hartman	[PATCH 017/196] aoechr: Convert from class_device to device
Yinghai Lu	Re: 2.6.26, PAT and AMD family 6
Jan Engelhardt	intel iommu (Re: -mm merge plans for 2.6.23)
git:

linux-netdev:
Gerrit Renker	[PATCH 27/37] dccp: Integration of dynamic feature activation - part 2 (server side)
David Miller	[GIT]: Networking
David Miller	Re: [PATCH] pkt_sched: Destroy gen estimators under rtnl_lock().
Natalie Protasevich	[BUG] New Kernel Bugs
openbsd-misc:

Colocation donated by:

Online users

strcmp

Syndicate