On Thu, 12 Feb 2015 23:41:18 +0530, noyb noybee said: > On Thu, Feb 12, 2015 at 3:44 AM, <Valdis.Kletnieks@xxxxxx> wrote: > > How about you concentrate on "how were they able to access files outside > > the chroot in the first place"? > So, closing all open file descriptors that are outside the new root > directory + changing the CWD + blocking any mounts. That's a good start. Now, for bonus points - explain why you wanted something inside a chroot to be able to access something outside the chroot. (Hint - why can't you just bind-mount it into the chroot hierarchy before launching the chroot'ed program?)
Attachment:
pgpdvOd6fb7G9.pgp
Description: PGP signature
_______________________________________________ Kernelnewbies mailing list Kernelnewbies@xxxxxxxxxxxxxxxxx http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
