Subject: Re: chroot(2)
To: der Mouse <mouse@Rodents.Montreal.QC.CA>
From: Kevin Sullivan <ksulliva@psc.edu>
List: tech-kern
Date: 10/06/1998 13:08:26
--==_Exmh_77758640P
Content-Type: text/plain; charset=us-ascii
On Mon, 05 Oct 1998 23:54:29 EDT, der Mouse says
>chroot is not a jail. It can be part of a jail. It can also be used
>for other, completely different, purposes, many of which would be
>broken by having it magically do a bunch of things to turn it into a
>jail.
So maybe what we need is a way to designate a process as "untrustable". An
untrustable process would never be allowed to create devices, change its id
to root (though it could start as root and change to someone else), load
LKMs, set a setuid bit, <add your insecure list here>. Any children it
created would also be untrustable. This would be ideal for running most
daemons. And it would be a totally separate mechanism than chroot; some
programs would use one mechanism, some both, and some none.
-Kevin
--==_Exmh_77758640P
Content-Type: application/pgp-signature
-----BEGIN PGP MESSAGE-----
Version: 2.6.2
iQCVAwUBNhpOin4qeMKIUCpVAQERGQP/TH2NwSdI1eHx4QF88Zdz8hB3e1UPUCnZ
KpEORxB/os9iw3KjvFkExTreBu0628D8llzLmD1qgo01s6Teq8/yMVJkdlXVukOt
QwJLSZMUIc2mhGXOaURqU3MioYZOO2dxSOfFnABnFk2F+JOXmspbSPzILybpZwiJ
urkP9k06Qqs=
=H0jY
-----END PGP MESSAGE-----
--==_Exmh_77758640P--