The Savannah Compromise - what really happened?
Posted Jan 3, 2004 2:13 UTC (Sat) by iabervon
In reply to: The Savannah Compromise - what really happened?
Parent article: The Savannah Compromise - what really happened?
On the other hand, it'd be very difficult to get root in the jail if
there's nothing setuid root or running as root in the jail. Anything
kernel-level that will give you root in this situation would probably let
you do arbitrary other things anyway, and anything userspace can't give
you root. Tasks requiring root access can be done from outside the jail,
so in-jail root doesn't actually need to be possible at all, which makes
security auditting much simpler, because you can be sure that permissions
will be followed by everything in the jail.
to post comments)