Because the userspace implementations aren't equivalent.
In particular, it is not so easy for them to enforce the following
restriction:
(*) If a non-root user requested the chroot, then setuid/setgid
bits won't have any effect under the new root.
The proposed kernel patch respects (*), but I'm not aware of any
user-level application that ensures (*) is followed.
(Also, there is the small matter that the user-level implementations
are only usable by root, or are setuid root. The latter is only a
minor difference, though, IMHO.)
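The kind of check a userspace chroot helper would need in order to approximate (*), as an added example that is not part of the original message: it scans the candidate root for regular files carrying setuid or setgid bits and refuses a non-root request if any are found. The function names, the policy and the sample tree are assumptions made for illustration; the scan is only a snapshot taken before the chroot, which is one reason the restriction is hard to enforce outside the kernel.

```python
import os
import stat
import tempfile

SETID_BITS = stat.S_ISUID | stat.S_ISGID


def find_setid_files(new_root):
    """Return sorted paths (relative to new_root) of regular files with setuid/setgid set."""
    hits = []
    # followlinks=False: never walk out of the tree through a directory symlink.
    for dirpath, _dirnames, filenames in os.walk(new_root, followlinks=False):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: inspect the entry itself, not a symlink target
            except OSError:
                continue  # entry vanished or is unreadable; the snapshot is best-effort
            if stat.S_ISREG(st.st_mode) and st.st_mode & SETID_BITS:
                hits.append(os.path.relpath(path, new_root))
    return sorted(hits)


def may_chroot(new_root, requester_uid):
    """Hypothetical helper policy: root is unrestricted; any other uid is refused
    when the tree contains a setuid/setgid file. Returns (allowed, offending_paths)."""
    if requester_uid == 0:
        return True, []
    hits = find_setid_files(new_root)
    return (not hits), hits


def build_sample_tree():
    """Constructed sample input: a small tree with one plain and one setuid file."""
    root = tempfile.mkdtemp(prefix="newroot-")
    os.mkdir(os.path.join(root, "bin"))
    for name, mode in (("plain", 0o755), ("helper", 0o4755)):
        path = os.path.join(root, "bin", name)
        with open(path, "w") as fh:
            fh.write("#!/bin/sh\n")
        os.chmod(path, mode)
    return root


if __name__ == "__main__":
    sample = build_sample_tree()
    print(may_chroot(sample, 1000))
    print(may_chroot(sample, 0))
```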