[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: kern/54947: chroot mount file systems leak the actual path in superblock
The following reply was made to PR kern/54947; it has been noted by GNATS.
From: Robert Elz <kre%munnari.OZ.AU@localhost>
Subject: Re: kern/54947: chroot mount file systems leak the actual path in superblock
Date: Sun, 09 Feb 2020 03:31:47 +0700
Date: Sat, 8 Feb 2020 17:20:02 +0000 (UTC)
From: Frank Kardel <kardel%netbsd.org@localhost>
| Yes, it is "just" an information leak.We found it while quick testing
| sysinst from a chroot environment.
I think you're reading more into chroot than you should - it is a means
to map pathnames in a way that protects the rest of the system from
stray accesses, and allows the process inside the chroot to test
operations (like manipulation of files in /etc or installation into
standard bin or lib paths) without risking the live system.
It isn't intended to hide just about anything, or provide any special
security features, other than the pathname remapping it does.
If you want a virtual machine, use one, chroot is not that.
Main Index |
Thread Index |