On 08/01/2010 01:44 PM, JohnS wrote:
> It *WILL* work It is called "Outside to In"&& mount -o bind will also.
You previously described symlinking "out" to the root filesystem, which
is impossible. Symlinks cannot resolve to files outside of a chroot
environment. Hard links can.
It is, however, possible to create a symlink in the primary root
filesystem which points to a file inside a tree used for chroot, if that
is what you mean by "outside to in". In that case, your previous post
was simply unclear.
> The difference depends on what is exactly the person needs. IE (which
> way). It will also allow a "Jail Break" Out& In. So security goes out
> the window. In effect Zero Day here we are.
Symlinks do not allow you to break out of a chroot. In fact, chroot
isn't a security mechanism. chroot will confine any non-root process,
but any root process can escape a chroot simply by setting its cwd to
the root directory and then calling chroot() to any directory. The
process will then have a cwd outside its own root filesystem, and can
access the filesystem outside of the path it was originally using as its
chroot.
The term "zero day" normally describes a software exploit which was not
previously known. I don't believe it applies to anything you described.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
