[EMAIL PROTECTED] wrote on 18/03/2008 at 16:38:
> Now the problem is that a chrooted process can create a passive
> translator. When this translated node is accessed, the translator
> process currently won't be started in the context of the chrooted
> process, but in that of the normal global filesystem -- it has access
> to everything, and can pass it on to the chrooted process.

That really calls for capability discipline in the Hurd interfaces, I'd say (I'm not sure, but it may have been one of the reasons the developers of the L4 port looked at capabilities). If the translator had to provide an explicit capability (whatever it would be in this case) that designates what it accesses, it should be relatively easier to secure the chroot.

As I don't know the details of the communications between translators and the filesystem, I wonder: is there documentation about it?

Curiously,
Pierre
--
[EMAIL PROTECTED]
OpenPGP 0xD9D50D8A