gabriel rosenkoetter on Thu, 2 Oct 2003 15:08:09 -0400



Re: [PLUG] expect, /dev/pts, and a chroot


On Mon, Sep 29, 2003 at 02:04:23PM -0400, sean finney wrote:
> so i tried doing a bind mount for all of /dev:
> 
> mount --bind /dev /chroot/dev

Now, maybe I'm confused here, but doesn't this completely undermine
the security of chroot(2)?

That is, couldn't someone gain elevated permissions within the
changed root, and then exploit his access to /dev via that bound
mount to escape the chroot/scribble on devices/whatever?

The point of a chroot is that it NOT have access to the outside
system... and if it must have access to device nodes, they should be
device nodes donated strictly to the chroot.

-- 
gabriel rosenkoetter
gr@eclipsed.net
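
An added example (not part of the original message): one way to check, from the host, whether a chroot has been handed the host's /dev, as with the bind mount quoted above. It reads text in /proc/self/mountinfo format; the function names, the jail paths and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Report mounts under a chroot that expose the host's /dev.
# stdin: text in /proc/self/mountinfo format, as seen from the host.
# Fields used: $3 = major:minor of the filesystem, $4 = root of the mount
# within that filesystem, $5 = mount point.
shared_dev_mounts() {   # $1 = chroot directory (hypothetical paths below)
    awk -v jail="$1" '
        BEGIN { sub(/\/+$/, "", jail) }
        { id[NR] = $3; root[NR] = $4; mp[NR] = $5 }
        # Filesystems mounted at or below the host /dev (devtmpfs, devpts, ...)
        $5 == "/dev" || index($5, "/dev/") == 1 { host[$3] = 1 }
        # Root filesystem, for hosts whose /dev is a plain directory on it
        $5 == "/" { rootid = $3 }
        END {
            for (i = 1; i <= NR; i++) {
                if (index(mp[i], jail "/") != 1) continue
                same_fs = (id[i] in host)
                static_dev = (id[i] == rootid &&
                    (root[i] == "/dev" || index(root[i], "/dev/") == 1))
                if (same_fs || static_dev) print mp[i]
            }
        }'
}

# Constructed sample mount table (not captured from a real system).
sample_mountinfo() {
    cat <<'EOF'
22 28 0:21 / /sys rw,nosuid,nodev,noexec,relatime shared:7 - sysfs sysfs rw
24 28 0:5 / /dev rw,nosuid,relatime shared:2 - devtmpfs udev rw,mode=755
25 24 0:23 / /dev/pts rw,nosuid,noexec,relatime shared:3 - devpts devpts rw,gid=5,mode=620
28 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw
90 28 0:5 / /chroot/dev rw,nosuid,relatime shared:2 - devtmpfs udev rw,mode=755
91 28 0:46 / /srv/jail/dev rw,nosuid - tmpfs tmpfs rw,mode=755
92 91 0:45 / /srv/jail/dev/pts rw,relatime - devpts devpts rw,mode=620,ptmxmode=666
93 28 8:1 /dev /old/jail/dev rw,relatime shared:1 - ext4 /dev/sda1 rw
EOF
}

# /chroot/dev shares filesystem 0:5 with the host /dev, so it is reported.
sample_mountinfo | shared_dev_mounts /chroot
```

/srv/jail in the sample has its own tmpfs and its own devpts instance, so nothing is reported for it; on a live host the input would be /proc/self/mountinfo itself.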
