Unprivileged chroot() and Outrun

Posted Mar 17, 2021 17:39 UTC (Wed) by floppus (guest, #137245)
In reply to: Unprivileged chroot() and Outrun by smurf
Parent article: Unprivileged chroot()

Right, but the point is that you *don't* need a setuid executable. Creating a user namespace (calling "unshare") normally doesn't require any special privileges.

Unprivileged chroot() and Outrun

Posted Mar 18, 2021 1:03 UTC (Thu) by pabs (subscriber, #43278) [Link] (3 responses)

It does if your distro or sysadmin has disabled unprivileged namespaces by default.

Unprivileged chroot() and Outrun

Posted Mar 18, 2021 12:54 UTC (Thu) by domenpk (guest, #12382) [Link] (2 responses)

That same distro or sysadmin will almost surely also disable unprivileged chroot (being a newer and less tested feature), so you won't gain anything.

Unprivileged chroot() and Outrun

Posted Mar 27, 2021 18:54 UTC (Sat) by l0kod (subscriber, #111864) [Link] (1 responses)

chroot(2) is much more simple (and limited) than namespaces, which is why there is no valid reason to be able to disable it (i.e. this unprivileged chroot is not, by design, a security risk).

Unprivileged chroot() and Outrun

Posted Apr 6, 2021 19:28 UTC (Tue) by immibis (subscriber, #105511) [Link]

is less of* a security risk