> >>> The dot-dot entry in the root directory is interpreted to mean the > >>> root directory itself. Thus, dot-dot cannot be used to access files > >>> outside the subtree rooted at the root directory. > >>> > > > > Which is behaviour chroot preserves properly. > > > And yet it is the dot-dot entry which is used to access files outside > the root.
Read it again, and read all the words. Notably "the dot-dot entry *IN* the root directory". When your current directory is above your root directory you do not pass through that dot-dot entry. > Do you believe that when those words were first written, the hidden > conflict, namely that it permits dot-dot to access files outside the > subtree, was understood? Yes. You need to remember the notion of chroot for "security" is a very new one, and not one that it was designed for. Which as I've said twice now is why things like vserver and BSD jails have evolved. Alan - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
