tech-security archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: security implications: ptyfs + mount_null + chroot

In article <>,
Dave B  <> wrote:
>** The short version:
>  What security implications are there of doing a "null" mount of
>/dev/pts on to directory that will be used under a chroot'ed
>environment?  How easily, if at all, could the resulting access to
>ptys which might have been opened in the parent environment be a
>  In addition, how iron-clad is chroot now considered to be anyway?

It will not work. I believe that there is code there to prevent more than
one mount, but initially when I wrote it I was planning to allow multiple
mounts that displayed only the ptys that were associated with processes
that had visibility to that root. It would be a fun project to do; it is
not too hard.


Home | Main Index | Thread Index | Old Index