Subject: Re: chroot jail for ftpd
To: Jonathan Stone <jonathan@DSG.Stanford.EDU>
From: Alfred Perlstein <>
List: tech-kern
Date: 10/18/2001 17:15:33
* Jonathan Stone <jonathan@DSG.Stanford.EDU> [011018 17:12] wrote:
> >Right, I know that one ... attached is a patch which should fix it.
> thanks. You the man.
> I was acutlally wondering about hacking ld.{elf_}so  -- or wherever
> LD_PRELOAD and LD_LIBRARY_PATH are acutally implemented; <dlfcn.h>? --
> to check each element of a path and check for crossing over mountpoints
> which are mounted noexec, and skipping those search-paths altogether.
> Not to close the security loophole -- we agree on the right place for
> that -- but to give cleaner semantics to anyone fishing for loopholes.

This could be done trivially at the time of open(2) using fstatfs(2).

-Alfred Perlstein []
'Instead of asking why a piece of software is using "1970s technology,"
 start asking why software is ignoring 30 years of accumulated wisdom.'