On Thu, 27 Sep 2007 06:49:28 +0930 David Newall <david@davidnewall.com> wrote:So keep reading the links I gave you: http://www.unixwiz.net/techtips/chroot-practices.html The chroot call itself does not change the working directory, so if the new root is below the current directory, the application can still have access outside resources. http://www.bpfh.net/simes/computing/chroot-break.html chdir("/foo/bar"); chroot("/foo/bar"); Note the use of the chdir() call before the chroot() call. This is to ensure that the working directory of the process is within the chroot()ed area before the chroot() call takes place. This is due to most implementations of chroot() not changing the working directory of the process to within the directory the process is now chroot()ed in. http://www.faqs.org/faqs/unix-faq/programmer/secure-programming/ The chroot() call itself will only change the root file system in the process' context. A chroot() call must be followed by a chdir("/") call in order to reset the current working directory. So the OpenBSD man page seems to be in the minority here. Any portable code can not assume that CWD changes. And changing the Linux behaviour now would be a rather big change which might break userspace. And yes, there are applications that rely on this, I've used it when building software for cross compiling. /Christer On Thu, 27 Sep 2007 06:49:28 +0930 David Newall <david@davidnewall.com> wrote: -
| Tarkan Erimer | Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3 |
| Greg KH | [GIT PATCH] driver core patches against 2.6.24 |
| Ingo Molnar | [git pull] x86 arch updates for v2.6.25 |
| Anton Salikhmetov | [PATCH -v8 2/4] Update ctime and mtime for memory-mapped files |
git: | |
| Patrick McHardy | Re: [GIT]: Networking |
| Jarek Poplawski | [PATCH] pkt_sched: Destroy gen estimators under rtnl_lock(). |
| Gerrit Renker | [PATCH 16/37] dccp: API to query the current TX/RX CCID |
| Andrew Morton | Re: [BUG] New Kernel Bugs |
