On Wed, Sep 25, 2019 at 08:20:52AM +0200, Laslo Hunhold wrote:
> chroot() should never be optional. unveil() might bring the same
> effect, but the unveil()-wrapper in quark doesn't do anything on Linux.
>

chroot() has several detrimental effects, most importantly making it impossible to access /dev/null and /dev/urandom. Unless, of course, measures are taken to replicate these devices underneath the new root.

It is also not a security device. If a service in a chroot is exploited with root privileges, it can mount procfs wherever, and access /proc/1/root. It can also mount another instance of the rootfs wherever and escape the jail that way.

>
> With best regards
>
> Laslo
>

Ciao,
Markus
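
An added example, not part of either message and not quark's own code: one way a daemon can address both points raised above, by opening /dev/null and /dev/urandom before chroot() (an alternative to replicating them under the new root) and dropping root immediately afterwards, so the jailed process no longer holds the privileges the described escape depends on. The struct and function names are hypothetical, and Linux with glibc is assumed.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* glibc: expose chroot() and setgroups() */
#endif
#include <errno.h>
#include <fcntl.h>
#include <grp.h>
#include <sys/types.h>
#include <unistd.h>

struct jail_fds { int null_fd; int urandom_fd; };   /* hypothetical name */

/* Open the devices while the real /dev is still reachable. The descriptors
 * stay valid after chroot(), so nothing must exist under the new root. */
int open_jail_devices(struct jail_fds *fds)
{
    fds->null_fd = open("/dev/null", O_RDWR | O_CLOEXEC);
    if (fds->null_fd < 0)
        return -1;
    fds->urandom_fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
    if (fds->urandom_fd < 0) {
        close(fds->null_fd);
        fds->null_fd = -1;
        return -1;
    }
    return 0;
}

/* Enter the jail and give up root for good (must be called as root).
 * chroot() comes first because it needs root; groups are changed before
 * the uid because after setuid() the process may no longer change them. */
int enter_jail(const char *dir, uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0) {   /* a root process in a chroot is not confined */
        errno = EINVAL;
        return -1;
    }
    if (chroot(dir) < 0 || chdir("/") < 0)
        return -1;
    if (setgroups(1, &gid) < 0 || setgid(gid) < 0 || setuid(uid) < 0)
        return -1;
    if (setuid(0) == 0) {         /* regaining root must fail after the drop */
        errno = EPERM;
        return -1;
    }
    return 0;
}
```

Call open_jail_devices() first, then enter_jail() with an unprivileged uid and gid, and treat any failure of either as fatal.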