Firewall Wizards mailing list archives

Re: chroot useful?

From: Bernhard Schneck <Bernhard_Schneck () genua de>
Date: Fri, 14 Nov 1997 09:28:54 +0100

In message <199711132205.RAA01373 () itd nrl navy mil> you write:

I was under the impression that running the chroot() command on a UNIX 
box would make it impossible for all subsequently launched programs to 
access files located above the newly defined root point, even if such 
programs are launched with a UID of 0.  [...]


Probably most members of this list know already (or why would this
be a ``wizzards'' list :-), but the usual unix/posix system call
specifications *require* a way to break out of a chroot environment
(at least for root).

So either don't trust chroot, or don't be posix.

\Bernhard.

Current thread:

Re: chroot useful?, (continued)
- Re: chroot useful? chuck+fwwiz (Nov 10)
- Re: chroot useful? Paul McNabb (Nov 12)
  - Re: chroot useful? Steven M. Bellovin (Nov 13)
    - Re: chroot useful? C Matthew Curtin (Nov 21)
- Re: chroot useful? Paul McNabb (Nov 12)
- Re: chroot useful? Douglas R. Steinbaum (Nov 13)
  - Re: chroot useful? Darren Reed (Nov 14)
  - Re: chroot useful? Steven M. Bellovin (Nov 14)
    - Re: chroot useful? Aleph One (Nov 14)
    - Re: chroot useful? Steven M. Bellovin (Nov 15)
  - Re: chroot useful? Bernhard Schneck (Nov 14)
- Re: chroot useful? Paul McNabb (Nov 14)
- Re: chroot useful? Paul McNabb (Nov 14)
- Re: chroot useful? Paul McNabb (Nov 14)
- Re: chroot useful? Anton J Aylward (Nov 15)
  - Re: chroot useful? Steven M. Bellovin (Nov 16)
- Re: chroot useful? Anton J Aylward (Nov 15)
  - Re: chroot useful? Darren Reed (Nov 16)
- Re: chroot useful? Anton J Aylward (Nov 16)
- Re: chroot useful? Anton J Aylward (Nov 16)
  - Re: chroot useful? Darren Reed (Nov 16)

(Thread continues...)