Firewall Wizards mailing list archives
Re: chroot useful?
From: Bernhard Schneck <Bernhard_Schneck () genua de>
Date: Fri, 14 Nov 1997 09:28:54 +0100
In message <199711132205.RAA01373 () itd nrl navy mil> you write:
I was under the impression that running the chroot() command on a UNIX box would make it impossible for all subsequently launched programs to access files located above the newly defined root point, even if such programs are launched with a UID of 0. [...]
Probably most members of this list know already (or why would this be a ``wizzards'' list :-), but the usual unix/posix system call specifications *require* a way to break out of a chroot environment (at least for root). So either don't trust chroot, or don't be posix. \Bernhard.
Current thread:
- Re: chroot useful?, (continued)
- Re: chroot useful? chuck+fwwiz (Nov 10)
- Re: chroot useful? Paul McNabb (Nov 12)
- Re: chroot useful? Steven M. Bellovin (Nov 13)
- Re: chroot useful? C Matthew Curtin (Nov 21)
- Re: chroot useful? Steven M. Bellovin (Nov 13)
- Re: chroot useful? Paul McNabb (Nov 12)
- Re: chroot useful? Douglas R. Steinbaum (Nov 13)
- Re: chroot useful? Darren Reed (Nov 14)
- Re: chroot useful? Steven M. Bellovin (Nov 14)
- Re: chroot useful? Aleph One (Nov 14)
- Re: chroot useful? Steven M. Bellovin (Nov 15)
- Re: chroot useful? Bernhard Schneck (Nov 14)
- Re: chroot useful? Paul McNabb (Nov 14)
- Re: chroot useful? Paul McNabb (Nov 14)
- Re: chroot useful? Paul McNabb (Nov 14)
- Re: chroot useful? Anton J Aylward (Nov 15)
- Re: chroot useful? Steven M. Bellovin (Nov 16)
- Re: chroot useful? Anton J Aylward (Nov 15)
- Re: chroot useful? Darren Reed (Nov 16)
- Re: chroot useful? Anton J Aylward (Nov 16)
- Re: chroot useful? Anton J Aylward (Nov 16)
- Re: chroot useful? Darren Reed (Nov 16)