Majkls wrote:
> Hello,
> is there a possibility to add a hardened chroot() to the Linux kernel? I have
> a patch and I would like to submit it to linux-kernel. Currently chroot can be
> worked around. What do you think about it?

I wrote one a few years ago, but there seemed to be no interest in it.

My conception was based on the observation that a chroot "point" really
only deals with path walking and basically says that at this point ".."
is the same as ".". Therefore, all we need is a linked list of "chroot
points" and just like the current follow_dotdot() function tests if the
current directory is the "root", one can just have it loop through the
entire list of chroot points.

The idea was to enable root processes to run within a chroot
environment, and even call chroot().

In Linux today, it might be better solved via setting up an alternative
namespace.
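
A toy user-space model of the list-of-chroot-points check described in the reply above, added here as an illustration; it is not the poster's patch and not kernel code. The names `struct chroot_point`, `toy_dotdot` and `climb`, and the sample directory tree, are assumptions made for the example.

```c
#include <stdio.h>

/* Toy directory tree (constructed): each directory knows only its parent. */
struct dir { const char *name; struct dir *parent; };

/* Hypothetical list entry: one per chroot() call still in effect. */
struct chroot_point { struct dir *dir; struct chroot_point *next; };

static struct dir root  = { "/",     &root };   /* real root: parent is itself */
static struct dir srv   = { "srv",   &root };
static struct dir jail  = { "jail",  &srv  };   /* first chroot() target */
static struct dir tmp   = { "tmp",   &jail };
static struct dir inner = { "inner", &jail };   /* second, nested chroot() */

static struct chroot_point outer_cp = { &jail,  NULL };
static struct chroot_point both_cp  = { &inner, &outer_cp };

/* Loop through the entire list, as the reply describes. */
static int is_chroot_point(const struct chroot_point *list, const struct dir *d)
{
    for (; list; list = list->next)
        if (list->dir == d)
            return 1;
    return 0;
}

/* One ".." step: at the real root or at any chroot point, ".." is ".". */
static struct dir *toy_dotdot(const struct chroot_point *list, struct dir *cur)
{
    if (cur->parent == cur || is_chroot_point(list, cur))
        return cur;
    return cur->parent;
}

/* Apply n ".." steps starting from cwd and return where the walk ends. */
static struct dir *climb(const struct chroot_point *list, struct dir *cwd, int n)
{
    while (n-- > 0)
        cwd = toy_dotdot(list, cwd);
    return cwd;
}

int main(void)
{
    printf("no points, from inner:   %s\n", climb(NULL, &inner, 5)->name);
    printf("both points, from inner: %s\n", climb(&both_cp, &inner, 5)->name);
    printf("both points, from tmp:   %s\n", climb(&both_cp, &tmp, 5)->name);
    return 0;
}
```

The walk that starts in `tmp` never passes through the newer chroot point, so it is the older entry in the list that stops the climb at `jail`.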