On Sat, 27 Nov 1999, Jason Gunthorpe wrote:

> On Fri, 26 Nov 1999, Brandon Mitchell wrote:
>
> > And before you get the silly idea that chroot is secure, there is also
> > "chroot /proc/1/root".
>
> Does that seriously work?? Do the kernel people know? Gah - that sucks!

It's been around a long long time. Someone mentioned it years ago when I asked about making a secure chrooted area that someone could have root in without messing up my system. Of course you can disable proc, but then there is the whole /dev directory, think /dev/hda. I'm sure there are ways to make it secure, but you can't have anywhere near a fully functional Linux install too. I suppose hardware set in a read only mode can eliminate some of the possible damage.

If on the other hand they aren't root, then there are no worries. You can't see /proc/1/root. You can't create setuid binaries. So now you make a secure install and have the file system privacy you normally get with separate machines.

Brandon

Brandon Mitchell * http://public.surfree.com/bmitch
[EMAIL PROTECTED] * ICQ: 30631197
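
The conditions named in this thread (procfs reachable inside the chroot, block-device nodes such as /dev/hda, setuid binaries) can be checked for mechanically. The audit sketch below is an added example, not part of the original messages; the function name `audit_jail` and the finding labels are assumptions made for illustration.

```python
import os
import stat
import sys

def audit_jail(jail, mounts_text):
    """Return sorted (kind, path) findings for the chroot tree at `jail`.

    mounts_text is the content of /proc/self/mounts, passed in so the
    check can also be run against constructed input.
    """
    jail = os.path.realpath(jail)
    findings = []
    proc_mounts = set()
    # procfs mounted inside the jail is what makes /proc/1/root reachable.
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) >= 3 and fields[2] == "proc":
            mnt = fields[1]
            if os.path.commonpath([jail, mnt]) == jail:
                proc_mounts.add(mnt)
                findings.append(("procfs", mnt))
    # Walk the tree without following symlinks or descending into procfs.
    for root, dirs, files in os.walk(jail):
        dirs[:] = [d for d in dirs if os.path.join(root, d) not in proc_mounts]
        for name in dirs + files:
            path = os.path.join(root, name)
            try:
                mode = os.lstat(path).st_mode
            except OSError:
                continue  # entry vanished or is unreadable
            if stat.S_ISBLK(mode):
                # Raw disk nodes (the /dev/hda case) bypass the file system.
                findings.append(("block-device", path))
            elif stat.S_ISREG(mode) and mode & (stat.S_ISUID | stat.S_ISGID):
                # The reply relies on non-root users having no setuid binaries.
                findings.append(("setid", path))
    return sorted(findings)

if __name__ == "__main__" and len(sys.argv) == 2:
    with open("/proc/self/mounts") as fh:
        for kind, path in audit_jail(sys.argv[1], fh.read()):
            print(kind, path)
```

An empty result means none of the three conditions was found in the tree; it does not cover other device types or capabilities granted to processes inside the chroot.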