* hardened chroot()
From: Majkls @ 2006-08-30 17:47 UTC (permalink / raw)
To: linux-fsdevel
Hello,
Is there a possibility to add a hardened chroot() to the Linux kernel? I have
a patch and I would like to submit it to linux-kernel. Currently chroot can
be worked around. What do you think about it?
cheers
--
Miloslav "Majkls" Semler
* Re: hardened chroot()
From: Shaya Potter @ 2006-08-30 17:51 UTC (permalink / raw)
To: Majkls; +Cc: linux-fsdevel
Majkls wrote:
> Hello,
> Is there a possibility to add a hardened chroot() to the Linux kernel? I have
> a patch and I would like to submit it to linux-kernel. Currently chroot can
> be worked around. What do you think about it?
I wrote one a few years ago, but there seemed to be no interest in it.
My conception was based on the observation that a chroot "point" really
only deals with path walking and basically says that at this point ".."
is the same as ".". Therefore, all we need is a linked list of "chroot
points" and just like the current follow_dotdot() function tests if the
current directory is the "root", one can just have it loop through the
entire list of chroot points.
The idea was to enable root processes to run within a chroot
environment, and even call chroot().
In Linux today, it might be better solved via setting up an alternative
namespace.
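Added example, not part of the thread and not either poster's patch: a user-space model of the "list of chroot points" idea described in the message above. The names `struct walker`, `model_chroot`, `model_dotdot` and `model_climb` are hypothetical, and directories are modelled as absolute path strings rather than kernel dentries.

```c
#include <stdio.h>
#include <string.h>
#define MAX_POINTS 8
#define PATH_LEN 128
/* User-space model (assumption): a directory is an absolute path string. */
struct walker {
    char cwd[PATH_LEN];
    char points[MAX_POINTS][PATH_LEN]; /* every chroot point set so far */
    int npoints;
};

/* Test the directory against "/" and the entire list of chroot points. */
static int is_chroot_point(const struct walker *w, const char *dir)
{
    if (strcmp(dir, "/") == 0) return 1;
    for (int i = 0; i < w->npoints; i++)
        if (strcmp(w->points[i], dir) == 0) return 1;
    return 0;
}
/* A later chroot() appends a point; earlier points stay in force. */
int model_chroot(struct walker *w, const char *dir)
{
    if (w->npoints == MAX_POINTS || strlen(dir) >= PATH_LEN) return -1;
    strcpy(w->points[w->npoints++], dir);
    return 0;
}
/* One ".." step: at any chroot point, ".." is the same as ".". */
void model_dotdot(struct walker *w)
{
    if (is_chroot_point(w, w->cwd)) return;
    char *slash = strrchr(w->cwd, '/');
    if (slash == w->cwd) slash++;       /* parent is "/": keep the slash */
    *slash = '\0';
}
/* Apply ".." n times and return the directory the walk ends in. */
const char *model_climb(struct walker *w, int n)
{
    while (n-- > 0) model_dotdot(w);
    return w->cwd;
}

int main(void)
{
    struct walker w = { .cwd = "/jail/work/a" };  /* constructed sample state */
    model_chroot(&w, "/jail");
    model_chroot(&w, "/jail/sub");                /* nested chroot() by a root process */
    printf("%s\n", model_climb(&w, 10));
    return 0;
}
```

Because the first point stays on the list after the second `model_chroot()` call, the upward walk stops at `/jail` no matter how many `..` steps are taken.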
* Re: hardened chroot()
From: Majkls @ 2006-08-30 18:11 UTC (permalink / raw)
To: linux-fsdevel
Shaya Potter wrote:
> Majkls wrote:
>> Hello,
>> Is there a possibility to add a hardened chroot() to the Linux kernel? I have
>> a patch and I would like to submit it to linux-kernel. Currently chroot can
>> be worked around. What do you think about it?
>
> I wrote one a few years ago, but there seemed to be no interest in it.
>
> My conception was based on the observation that a chroot "point" really
> only deals with path walking and basically says that at this point ".."
> is the same as ".". Therefore, all we need is a linked list of "chroot
> points" and just like the current follow_dotdot() function tests if the
> current directory is the "root", one can just have it loop through the
> entire list of chroot points.
Yes, I have a special function which checks if it is in root. It is also
necessary to fix sys_fchdir.
>
> The idea was to enable root processes to run within a chroot
> environment, and even call chroot().
>
> In Linux today, it might be better solved via setting up an alternative
> namespace.
Yes, but it is not so simple. One patch for chroot is simpler. Why
not do it right, if it is not a problem?
--
Miloslav "Majkls" Semler