From: Shaya Potter
Subject: Re: hardened chroot()
Date: Wed, 30 Aug 2006 13:51:51 -0400
Message-ID: <44F5D037.2000606@cs.columbia.edu>
References: <44F5CF1F.1080304@tiscali.cz>
In-Reply-To: <44F5CF1F.1080304@tiscali.cz>
To: Majkls
Cc: linux-fsdevel@vger.kernel.org

Majkls wrote:
> Hello,
> is there a possibility to add a hardened chroot() to the Linux kernel? I have
> a patch and I would like to submit it to linux-kernel. Currently chroot can
> be worked around. What do you think about it?

I wrote one a few years ago, but there seemed to be no interest in it.

My conception was based on the observation that a chroot "point" really only deals with path walking and basically says that at this point ".." is the same as ".". Therefore, all we need is a linked list of "chroot points", and just like the current follow_dotdot() function tests if the current directory is the "root", one can just have it loop through the entire list of chroot points.

The idea was to enable root processes to run within a chroot environment, and even call chroot(). In Linux today, it might be better solved via setting up an alternative namespace.
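
A user-space model of the lookup rule described in this message, added here as an illustration; it is not the patch mentioned in the thread and not kernel code. The directory tree, struct chroot_point and walk_dotdot() are hypothetical names, and the model compares a check against only the most recent root with a check against the whole list of chroot points.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed toy tree: index = directory, value = its parent directory. */
enum { ROOT, JAIL, SUB, NDIRS };            /* "/", "/jail", "/jail/sub" */
static const int parent_of[NDIRS] = { ROOT, ROOT, JAIL };

struct chroot_point {                       /* hypothetical list node */
    int dir;
    const struct chroot_point *next;
};

/* Nonzero if dir is one of the recorded chroot points. */
static int is_chroot_point(const struct chroot_point *list, int dir)
{
    for (; list != NULL; list = list->next)
        if (list->dir == dir)
            return 1;
    return 0;
}

/* Resolve ".." `steps` times from cwd; at any chroot point ".." == ".". */
int walk_dotdot(const struct chroot_point *list, int cwd, int steps)
{
    while (steps-- > 0) {
        if (is_chroot_point(list, cwd))
            continue;                       /* clamp: stay in place */
        cwd = parent_of[cwd];
    }
    return cwd;
}

/* Modelled process: confined to /jail, then a second chroot() made
 * /jail/sub its root while its working directory is still /jail. */
static const struct chroot_point outer = { JAIL, NULL };
static const struct chroot_point all_points = { SUB, &outer };  /* SUB -> JAIL */
static const struct chroot_point latest_only = { SUB, NULL };   /* single root */

int main(void)
{
    printf("single-root check: cwd ends at dir %d\n",
           walk_dotdot(&latest_only, JAIL, 3));
    printf("chroot-point list: cwd ends at dir %d\n",
           walk_dotdot(&all_points, JAIL, 3));
    return 0;
}
```

With only the latest root recorded, the walk from /jail reaches "/"; with every chroot point on the list it stays at /jail.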