bug-hurd

Re: breaking out of a chroot


From: Neal H. Walfield
Subject: Re: breaking out of a chroot
Date: Wed, 18 May 2005 11:37:01 +0100
User-agent: Wanderlust/2.10.1 (Watching The Wheels) SEMI/1.14.6 (Maruoka) FLIM/1.14.6 (Marutamachi) APEL/10.6 Emacs/21.3 (i386-pc-linux-gnu) MULE/5.0 (SAKAKI)

> > I don't have any ideas offhand of how this could be fixed.
> 
> It's easier than that; you can just directly ask the proc server for
> the global system root.

One can proxy the proc server.

> The Hurd doesn't have Unixy chroots by design, but you can make a
> subhurd which you can't break out of.  That's the correct way to solve
> the problems that Unix solves with chroot.

I'm not suggesting that we should fix Unix's chroot with our chroot.
However, there are a fair number of programs (namely daemons) which
understand the security holes and are able, nevertheless, to take
advantage of Unix's chroot behavior.  The fact that our chroot is
less secure than Unix's deserves, I think, at least a caveat.

Thanks,
Neal



