Alan Cox wrote:
> > It's simply not good enough to close all directory file descriptors before
>chrooting.
> >
> > If calling chroot once you're already in a chroot jail was disallowed, it would
>stop
> > this attack.
> I think the problem here is that some people have the idea that
> chroot is some kind of magical security device. Thats not true at
> all. You can build an environment like that if you wish by closing
> other directory handles and having no suitably priviledged code in
> the chroot area and stuff.
I read about the BSD Jail stuff a while ago.
It's a nice "operating system class lab project". Estimated time
needed: 40 hours.
This IS the magical security device.
Roger.
--
** [EMAIL PROTECTED] ** http://www.BitWizard.nl/ ** +31-15-2137555 **
*-- BitWizard writes Linux device drivers for any device you may have! --*
* Common sense is the collection of *
****** prejudices acquired by age eighteen. -- Albert Einstein ********
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
Please read the FAQ at http://www.tux.org/lkml/
