On Monday 2012-08-13 20:10, Andy Lutomirski wrote:
>
>One of these days, I intend to resurrect my unprivileged chroot kernel
>patches. My current thought is to add a new syscall weak_chroot,
>which should have these properties:
>[...]
>3. Can't be used to break out of chroot jail.
>
>The interface might be:
>
>weak_chroot_at(int fd, const char *path, int flags)
>[...]
>I'm somewhat tempted to add a flag to weak_chroot_at to break out of
>weak_root jail to prevent people from thinking that it's a security
>feature. I'm not sure about that, though.

An at variant of chroot would seem to be even more open than the
current name-based variant of chroot.

 fd1 = open("/", O_DIRECTORY);
 fd2 = open("/home/whatever", O_DIRECTORY);
 weak_chroot_at(fd2, ".", 0);
 weak_chroot_at(fd1, ".", 0);