From: Matt Z. <md...@de...> - 2003-06-23 19:08:37
On Mon, Jun 23, 2003 at 01:49:39PM -0500, Adam Heath wrote:

> On Mon, 23 Jun 2003, Matt Zimmerman wrote:
>
> > > Start as root
> > > chroot()
> > > setgid
> > > setuid
> > > run UML
> >
> > It might be nice if UML could do the chroot/setuid itself if started as
> > root, after opening its files.  This way, ubd devices and such could be kept
> > outside the chroot.
>
> Of course, that breaks reboots.

So does any other method of chrooting UML, unless the UML binary itself and
all auxiliary files are also inside the chroot (leading to an escape from UML
if the user can manage to modify the on-disk UML executable).  If the idea is
to keep the user contained, the chroot should be as empty as possible.

-- 
 - mdz
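
The ordering discussed in this thread, as an added example (not part of the original message and not UML code): the ubd file is opened first, then the process chroots into an empty directory, then drops its group and user ids and checks that root cannot be regained. The helper name enter_jail, the id 65534 and the supplementary-group drop are assumptions of this example.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE          /* chroot() and setgroups() on glibc */
#endif
#include <fcntl.h>
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* enter_jail() is a hypothetical helper, not a UML function.
 * Returns 0 on success, or the negated number of the step that failed.
 * On success *ubd_fd is an open descriptor for a file outside the jail.
 * After a failure at step 3 or later the caller must exit, because the
 * process may be left chrooted but still partly privileged. */
int enter_jail(const char *jail, const char *ubd_path,
               uid_t uid, gid_t gid, int *ubd_fd)
{
    int rc;
    *ubd_fd = -1;
    if (uid == 0 || gid == 0)          /* 1: "dropping" to root is no drop */
        return -1;
    int fd = open(ubd_path, O_RDWR);   /* 2: open before the chroot */
    if (fd < 0)
        return -2;
    if (chroot(jail) != 0 || chdir("/") != 0)  /* 3: cwd must be inside */
        rc = -3;
    else if (setgroups(0, NULL) != 0)  /* 4: added here, not in the thread */
        rc = -4;
    else if (setgid(gid) != 0)         /* 5: group first, while still root */
        rc = -5;
    else if (setuid(uid) != 0)         /* 6: irreversible when done as root */
        rc = -6;
    else if (setuid(0) == 0)           /* 7: regaining root must fail */
        rc = -7;
    else {
        *ubd_fd = fd;                  /* still usable; its path is not */
        return 0;
    }
    close(fd);
    return rc;
}

int main(int argc, char **argv)
{
    int fd;
    if (argc != 3) {
        fprintf(stderr, "usage: %s <empty-jail-dir> <ubd-file>\n", argv[0]);
        return 2;
    }
    int rc = enter_jail(argv[1], argv[2], 65534, 65534, &fd); /* constructed ids */
    if (rc != 0) { fprintf(stderr, "failed at step %d\n", -rc); return 1; }
    printf("jailed as uid %d, ubd fd %d\n", (int)getuid(), fd);
    return 0;
}
```

Because the process never calls exec after the chroot, the jail directory needs no binary or auxiliary files in it.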