Re: Fwd: Fwd: Getting path in inode_permission


 



On Thu, Feb 12, 2015 at 2:07 AM,  <Valdis.Kletnieks@xxxxxx> wrote:
> On Thu, 12 Feb 2015 00:31:45 +0530, noyb noybee said:
>
>> I was planning that the calling process would call the new system call
>> which would return a pseudo-random key that is used as the
>> pass-phrase.
>
> So what prevents malicious code from doing a fork and then calling the
> new syscall to get its own pseudo-random key to use as a passphrase?

Well, any program which has root credentials is still allowed to call
chroot (it needs to get a new passphrase before) but not any program
with root credentials can exit it. The passphrase last generated (and
still unused) will be used as the passphrase for a chroot system
call (both needed to be called by the same processes, ofc). Once a
passphrase is used for a chroot system call, it is never
returned (pseudo-random) again.

_______________________________________________
Kernelnewbies mailing list
Kernelnewbies@xxxxxxxxxxxxxxxxx
http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies



