Complexity

Posted Mar 22, 2013 18:41 UTC (Fri) by dlang (✭ supporter ✭, #313)
In reply to: Complexity by jezuch
Parent article: Anatomy of a user namespaces vulnerability

> The problem with chroot, as I was told, is that it is not and has never been a security mechanism.

It depends on how you define 'security mechanism'.

chroot has always provided security in that it prevented a process in a chroot from accessing any files outside that chroot.

This doesn't mean that this security couldn't be bypassed (if you could get root inside the chroot), but if you did not have root in the chroot, it helped.

For example, if a server had a vulnerability that allowed it to access arbitrary files on the filesystem, putting it in a chroot can be very useful.



Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds