On Thu, Jan 12, 2012 at 4:42 PM, Andrew Lutomirski <luto@xxxxxxx> wrote:
>
> That may prevent another use: set this new flag, chroot, drop
> privileges, accept network connections.  (The idea being that chroot
> might work unprivileged if this flag is set.)

Well, if you have privileges, then just do

    chroot();
    drop privileges

and if you depend on the new flag, then you do

    drop privileges
    set new flag
    chroot

and if you want to work either way then you just do

    error = chroot
    drop privileges
    set new flag
    if error
        chroot

which does the right thing regardless of whether you had privileges
and/or a new kernel or not.

In any of the three cases I don't see why you'd ever want to drop
privileges *after* setting the new flag.

                Linus
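The "work either way" ordering from the message above, as an added C example (not code from the thread or from the kernel). It assumes the "new flag" is the one Linux 3.5 and later expose as prctl(PR_SET_NO_NEW_PRIVS); the names jail_ops, enter_jail and simulate are hypothetical, and the sim_* steps are a constructed model of the behaviour discussed in the thread (chroot permitted for an unprivileged task once the flag is set), which mainline kernels do not implement.

```c
#define _GNU_SOURCE
#include <sys/prctl.h>
#include <unistd.h>

/* The three steps are injectable so the ordering can be checked without root. */
struct jail_ops {
    int (*do_chroot)(const char *dir);
    int (*drop_privs)(void);
    int (*set_flag)(void);
};

/* Ordering from the message: chroot, drop privileges, set flag, retry on error. */
int enter_jail(const struct jail_ops *ops, const char *dir)
{
    int error = ops->do_chroot(dir);   /* succeeds only while privileged */
    if (ops->drop_privs() != 0)
        return -1;                     /* never carry on still holding privileges */
    (void)ops->set_flag();             /* fails harmlessly on a kernel without it */
    return error ? ops->do_chroot(dir) : 0;
}

/* Real steps: drop to the real uid/gid, as a setuid-root helper would. */
static int real_chroot(const char *dir) { return chroot(dir) ? -1 : chdir("/"); }
static int real_drop(void)
{
    gid_t g = getgid();
    uid_t u = getuid();
    if (setgid(g) || setuid(u))
        return -1;
    return (u != 0 && setuid(0) == 0) ? -1 : 0; /* regaining root means the drop failed */
}
/* Assumption: the thread's "new flag" is PR_SET_NO_NEW_PRIVS. */
static int real_flag(void) { return prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0); }
const struct jail_ops real_ops = { real_chroot, real_drop, real_flag };

/* Constructed model of the kernel discussed in the thread: chroot is allowed
 * for an unprivileged task once the flag is set (not mainline behaviour). */
static int sim_priv, sim_new_kernel, sim_flag;
static int sim_chroot(const char *d) { (void)d; return (sim_priv || sim_flag) ? 0 : -1; }
static int sim_drop(void) { sim_priv = 0; return 0; }
static int sim_set(void) { return sim_new_kernel ? (sim_flag = 1, 0) : -1; }
const struct jail_ops sim_ops = { sim_chroot, sim_drop, sim_set };

int simulate(int privileged, int new_kernel)
{
    sim_priv = privileged; sim_new_kernel = new_kernel; sim_flag = 0;
    return enter_jail(&sim_ops, "/jail");
}

int main(int argc, char **argv)
{ return (argc == 2 && enter_jail(&real_ops, argv[1]) == 0) ? 0 : 1; }
```

The only combination that fails is the one with neither privileges nor a kernel that knows the flag, and in every case privileges are gone before the flag is set.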