Subject: Re: Emulation: selecting emulation root at runtime?
To: Joachim König <him@online.de>
From: Eric Haszlakiewicz <erh@nimenees.com>
List: current-users
Date: 08/27/2007 10:13:25
On Mon, Aug 27, 2007 at 10:35:03AM +0100, David Laight wrote:
> On Mon, Aug 27, 2007 at 10:33:06AM +0200, Joachim König wrote:
> > David Laight wrote:
> > >Isn't it enough to disable such an env variable for suid programs ?
> > >Since a user can get the same effect by other means if allowed to write
> > >to the program file.
> > >  
> > If a user could select an emulation root without restrictions it would 
> > be very similar to a chroot call (restricted to the emulated binaries).
> 
> Actually it is nearer to an overlay mount of the emulation root over /.
> 

Actually a little of both.  You can get close to the current emulation code
by doing a union mount with / _under_ /emul/linux (mount_union -b), then
chroot'ing into it.  (not quite the same though)

eric