> It's simply not good enough to close all directory file descriptors before chrooting.
> 
> If calling chroot once you're already in a chroot jail was disallowed, it would stop
> this attack.

I think the problem here is that some people have the idea that chroot is
some kind of magical security device. That's not true at all. You can build an
environment like that if you wish by closing other directory handles and having
no suitably privileged code in the chroot area and stuff.

Alan

