On Wed, 25 Sep 2019 16:06:52 +0200 Markus Wichmann <nullp...@gmx.net> wrote:

Dear Markus,

> chroot() has several detrimental effects, most importantly making it
> impossible to access /dev/null and /dev/urandom. Unless, of course,
> measures are taken to replicate these devices underneath the new root.

please excuse the ignorant question, but why would you want to access /dev/null? The problem with /dev/urandom is well-known, which is why OpenBSD has arc4random(3).

> It is also not a security device. If a service in a chroot is
> exploited with root privileges, it can mount procfs wherever, and
> access /proc/1/root. It can also mount another instance of the rootfs
> wherever and escape the jail that way.

You are absolutely right. chroot() on its own is not a security device, but it is when you drop your privileges after chrooting. Then it is not possible to mount procfs or whatnot. After all, one measure alone is never enough, which is why I also use unveil(2) (at least on OpenBSD) to make any other accesses to the file system impossible.

With best regards
Laslo
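The sequence the reply relies on (enter the chroot first, then give up root so the jailed process can no longer mount procfs or another rootfs) as an added C example that is not part of the thread. The helper names `drop_to_jail` and `jail_is_effective`, the default jail path `/var/empty` and the uid/gid 65534 are illustrative choices; the unveil(2) call is compiled only on OpenBSD, matching what Laslo describes, and has no equivalent here on other systems:

```c
/* Added example, not code from the mailing-list thread. It shows the
 * order of operations that turns chroot() into a confinement measure:
 * chroot, then permanently drop privileges, then verify that no root
 * identity survives. Jail path and uid/gid values are illustrative. */
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Enter `root` and permanently become `uid`/`gid`.
 * Returns 0 on success, -1 with errno set by the first failing step. */
int drop_to_jail(const char *root, uid_t uid, gid_t gid)
{
    /* chdir before chroot: chroot() does not move the working directory,
     * and a cwd left outside the new root keeps the jail open. */
    if (chdir(root) == -1)
        return -1;
    if (chroot(".") == -1)
        return -1;
    if (chdir("/") == -1)
        return -1;

#ifdef __OpenBSD__
    /* Second layer, as in the reply: unveil(2) limits the file system
     * view to the new root, read-only, and a final NULL call locks it. */
    if (unveil("/", "r") == -1 || unveil(NULL, NULL) == -1)
        return -1;
#endif

    /* Drop privileges in this order: supplementary groups, then gid, then
     * uid. Doing setuid first would make the later calls fail (no longer
     * root), and a leftover root group or saved uid would let the process
     * regain privileges, which is exactly what lets a chroot be escaped. */
    if (setgroups(0, NULL) == -1)
        return -1;
    if (setgid(gid) == -1)
        return -1;
    if (setuid(uid) == -1)
        return -1;
    return 0;
}

/* Confirm that no root identity survives: real, effective and saved uid
 * must all be non-zero, otherwise a later setuid(0) could still succeed
 * and the mount-based escapes from the quoted message become possible. */
int jail_is_effective(void)
{
    uid_t ruid, euid, suid;
    if (getresuid(&ruid, &euid, &suid) == -1)
        return 0;
    return ruid != 0 && euid != 0 && suid != 0;
}

int main(int argc, char **argv)
{
    /* Illustrative default: an empty directory owned by root. */
    const char *root = argc > 1 ? argv[1] : "/var/empty";

    if (drop_to_jail(root, 65534, 65534) == -1) {
        fprintf(stderr, "drop_to_jail(%s): %s\n", root, strerror(errno));
        return 1;
    }
    if (!jail_is_effective()) {
        fputs("still root after chroot: refusing to continue\n", stderr);
        return 1;
    }
    /* From here on chroot() actually confines the process: mounting
     * procfs or another rootfs needs privileges it no longer holds. */
    puts("jailed and unprivileged");
    return 0;
}
```

Run it as root with a directory argument to see the full sequence succeed; run unprivileged and `chroot()` fails with EPERM, which the function reports rather than silently continuing, so a service never ends up "half jailed". The explicit `jail_is_effective()` check after the drop is the part most often skipped: a failed `setuid()` that is ignored leaves the process with root in a chroot, the exact situation the quoted message warns about.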