Subject: Re: chroot(2)
To: der Mouse <mouse@Rodents.Montreal.QC.CA>
From: Kevin Sullivan <>
List: tech-kern
Date: 10/06/1998 13:08:26
Content-Type: text/plain; charset=us-ascii

On Mon, 05 Oct 1998 23:54:29 EDT, der Mouse says
>chroot is not a jail.  It can be part of a jail.  It can also be used
>for other, completely different, purposes, many of which would be
>broken by having it magically do a bunch of things to turn it into a

So maybe what we need is a way to designate a process as "untrustable".  An
untrustable process would never be allowed to create devices, change its id
to root (though it could start as root and change to someone else), load
LKMs, set a setuid bit, <add your insecure list here>.  Any children it
created would also be untrustable.  This would be ideal for running most
daemons.  And it would be a totally separate mechanism from chroot; some
programs would use one mechanism, some both, and some none.
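The inheritable "untrustable" bit proposed above has a close modern analogue in the Linux no_new_privs process flag, which once set can never be cleared and is inherited by every child: it stops a process from gaining privilege through setuid/setgid binaries, though it does not by itself cover device creation or module loading. The following C program is an added illustration, not code from the tech-kern thread or from NetBSD; it assumes a Linux kernel and glibc with prctl(2) support, and the function names are my own.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/wait.h>
#include <unistd.h>

/* Mark the calling process "untrustable" in the Linux sense: once
 * no_new_privs is set, neither this process nor any descendant can gain
 * privilege through setuid/setgid binaries or file capabilities on exec.
 * Returns 0 on success, -1 on failure (hypothetical helper name). */
int mark_untrustable(void)
{
    return prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0);
}

/* Report whether the calling process carries the flag: 1 or 0, -1 on error. */
int is_untrustable(void)
{
    return prctl(PR_GET_NO_NEW_PRIVS, 0, 0, 0, 0);
}

/* Try to clear the flag. The kernel only accepts a value of 1, so the
 * request fails with EINVAL: returns 1 if clearing was refused, 0 if
 * it unexpectedly succeeded. */
int clearing_is_refused(void)
{
    if (prctl(PR_SET_NO_NEW_PRIVS, 0, 0, 0, 0) == -1 && errno == EINVAL)
        return 1;
    return 0;
}

/* Fork a child and check that it inherited the flag.
 * Returns 1 if the child saw the flag set, 0 if not, -1 on error. */
int child_inherits_flag(void)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* Child: exit status 0 means the flag was inherited. */
        _exit(is_untrustable() == 1 ? 0 : 1);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status) == 0 ? 1 : 0;
}

int main(void)
{
    printf("before: no_new_privs=%d\n", is_untrustable());
    if (mark_untrustable() != 0) {
        perror("prctl(PR_SET_NO_NEW_PRIVS)");
        return 1;
    }
    printf("after:  no_new_privs=%d\n", is_untrustable());
    printf("child inherits flag: %d\n", child_inherits_flag());
    printf("clearing refused:    %d\n", clearing_is_refused());
    return 0;
}
```

Run it once as an unprivileged user: the flag reads 0 before, 1 after, the forked child reports 1, and the attempt to clear it is refused. A daemon that sets this flag early, after chroot(2) if it uses one, gets the "children are also untrustable" property the post asks for without changing what chroot itself does.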
