From mboxrd@z Thu Jan 1 00:00:00 1970
From: Colin Walters
Subject: Re: [PATCH v3 4/4] Allow unprivileged chroot when safe
Date: Mon, 30 Jan 2012 18:10:45 -0500
Message-ID: <1327965046.5355.16.camel@lenny>
References: <0e2f0f54e19bff53a3739ecfddb4ffa9a6dbde4d.1327858005.git.luto@amacapital.net> <1327960736.5355.5.camel@lenny> <1327963309.5355.7.camel@lenny>
Mime-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Cc: Will Drewry , linux-kernel@vger.kernel.org, Casey Schaufler , Linus Torvalds , Jamie Lokier , keescook@chromium.org, john.johansen@canonical.com, serge.hallyn@canonical.com, coreyb@linux.vnet.ibm.com, pmoore@redhat.com, eparis@redhat.com, djm@mindrot.org, segoon@openwall.com, rostedt@goodmis.org, jmorris@namei.org, scarybeasts@gmail.com, avi@redhat.com, penberg@cs.helsinki.fi, viro@zeniv.linux.org.uk, mingo@elte.hu, akpm@linux-foundation.org, khilman@ti.com, borislav.petkov@amd.com, amwang@redhat.com, oleg@redhat.com, ak@linux.intel.com, eric.dumazet@gmail.com, gregkh@suse.de, dhowells@redhat.com, daniel.lezcano@free.fr, linux-fsdevel@vger.kernel.org, linux-security-module@vger.kernel.org, olofj@chromium.org, mhalcrow@google.com, dlaor@redhat.com, corbet@lwn.net, alan@lxorguk.
To: Andy Lutomirski
Return-path:
In-Reply-To:
Sender: linux-security-module-owner@vger.kernel.org
List-Id: linux-fsdevel.vger.kernel.org

On Mon, 2012-01-30 at 14:43 -0800, Andy Lutomirski wrote:

> You don't need a setuid binary. Just have an initscript set up the bind mounts.

The point is that dchroot is already setuid root, and calls chroot, so it gains nothing from the ability to do it unprivileged.

(And wow, I just looked at the source, it's a setuid C++ binary! Using boost. Ugh...)