Because years and years and years of advisories have demonstrated to the sysadmin that this doesn't work.
What chroot() is really for
Posted Oct 5, 2007 20:29 UTC (Fri) by wahern (subscriber, #37304)
chroot is not _the_ answer. In all this debate, either here or on LKML, I have yet to see anybody mistakenly suggest that chroot _alone_ is a sufficient measure. All of these straw man arguments that say that chroot shouldn't be used because chroot _alone_ isn't sufficient are fallacious.
I'm only sticking to my guns because these forums are archived, and I don't want to see a student or junior engineer come to me in 10 years and say they didn't use chroot, though they trivially could have, because they were told it was useless.
Posted Oct 6, 2007 1:40 UTC (Sat) by wahern (subscriber, #37304)
Posted Oct 11, 2007 7:12 UTC (Thu) by gat3way (guest, #47864)
And BTW there are quite a lot of ways to escape it as long as you're already root. You can for example mount filesystems on some occasions.
Who said chroot() must provide security...against someone that already has root privileges on that system???
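The point the comments above turn on, as an added C example that is not code from the thread or from any commenter: chroot() confines only a process that has also given up root, so the function below changes into the directory, calls chroot(), drops to an unprivileged uid/gid and confirms that root cannot be regained. The name `enter_jail`, the path `/var/empty` and uid/gid 65534 are assumptions chosen for illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE            /* for setgroups() and chroot() under strict -std= modes */
#endif
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Confine the calling process to `dir` and permanently give up root.
 * Returns 0 on success, -1 on failure with errno set. The caller must be
 * root (or hold CAP_SYS_CHROOT and the set-id capabilities) on entry. */
int enter_jail(const char *dir, uid_t uid, gid_t gid)
{
    /* A jail whose occupant is still root is not a jail: refuse uid/gid 0. */
    if (dir == NULL || uid == 0 || gid == 0) {
        errno = EINVAL;
        return -1;
    }
    /* chdir before chroot(".") so no working directory is left outside
     * the new root, then normalise the cwd to the new "/". */
    if (chdir(dir) != 0 || chroot(".") != 0 || chdir("/") != 0)
        return -1;
    /* Order matters: supplementary groups and gid must be dropped while
     * the process still has the privilege to change them. */
    if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    /* Verify the drop is irreversible: regaining uid 0 must fail. */
    if (setuid(0) == 0 || getuid() != uid || geteuid() != uid) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

int main(int argc, char **argv)
{
    /* Hypothetical defaults: an empty directory and an unprivileged id. */
    const char *dir = argc > 1 ? argv[1] : "/var/empty";
    if (enter_jail(dir, 65534, 65534) != 0) {
        perror("enter_jail");
        return 1;
    }
    puts("confined and unprivileged");
    return 0;
}
```

Open file descriptors that refer to directories outside the jail should be closed before calling the function, since they survive chroot().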
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.