[SLL] root filesystem as a subdirectory of same device
Brian Hatch
bri at ifokr.org
Tue Nov 27 18:33:28 PST 2007
Bordering on 2007-11-27 16:37 -0800, Robert Woodcock blathered:
> I don't know if init can be a shell script on Linux (I doubt it, but I've
> never tested it).
It can. In fact for most distros it is, for part of the bootup phase.
init is just pid 1, and pid 1 needs to at some point end up running a process
that will act like init (live forever, reap all children, etc).
> Note that the kernel developers don't consider chroot() secure:
> http://kerneltrap.org/Linux/Abusing_chroot
As a way to lock a root user in a subdirectory, yes, chroot is not an
appropriate security tool - you can't lock root away if they still have
the CAP_CHROOT capability, they can get out. But that's security in
a rogue environment, and that's not what Jeremy is looking for right
now, he's looking for functionality. I don't see that it'd be a
problem.
--
Brian Hatch                  "I hate seeing things
   Systems and                through, especially
   Security Engineer          when it is through
http://www.ifokr.org/bri/     other people's eyes."
Every message PGP signed
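
Added example, not part of the message above: a check of whether a process still holds the capability that permits chroot(2), which the kernel headers name CAP_SYS_CHROOT (bit 18), by parsing the Cap* lines of /proc/<pid>/status. The function names and the two sample status texts are constructed for this illustration.

```python
import re

CAP_SYS_CHROOT = 18  # bit number from <linux/capability.h>
CAP_LINE = re.compile(r"^(Cap(?:Inh|Prm|Eff|Bnd|Amb)):[ \t]*([0-9a-fA-F]+)[ \t]*$", re.M)

# Constructed samples in /proc/<pid>/status format (not captured from a real host).
ROOT_SAMPLE = (
    "Name:\tsh\nUid:\t0\t0\t0\t0\n"
    "CapInh:\t0000000000000000\nCapPrm:\t000001ffffffffff\n"
    "CapEff:\t000001ffffffffff\nCapBnd:\t000001ffffffffff\n"
    "CapAmb:\t0000000000000000\n"
)
DROPPED_SAMPLE = (
    "Name:\tsh\nUid:\t0\t0\t0\t0\n"
    "CapInh:\t0000000000000000\nCapPrm:\t000001fffffbffff\n"
    "CapEff:\t000001fffffbffff\nCapBnd:\t000001fffffbffff\n"
    "CapAmb:\t0000000000000000\n"
)

def capability_sets(status_text):
    """Parse the Cap* hex masks out of /proc/<pid>/status text."""
    return {name: int(mask, 16) for name, mask in CAP_LINE.findall(status_text)}

def chroot_capability_report(status_text):
    """Map each capability set to True if it contains CAP_SYS_CHROOT."""
    sets = capability_sets(status_text)
    if "CapEff" not in sets:
        raise ValueError("no CapEff line found; not a /proc status file?")
    bit = 1 << CAP_SYS_CHROOT
    return {name: bool(mask & bit) for name, mask in sets.items()}

def chroot_capability_fully_dropped(status_text):
    """True only if the bit is absent from every set, so it cannot be used
    now (CapEff), raised later (CapPrm), or regained across execve
    (CapBnd, CapInh, CapAmb)."""
    return not any(chroot_capability_report(status_text).values())

if __name__ == "__main__":
    # Audit the current process; pass another pid's status file to audit it.
    with open("/proc/self/status") as fh:
        text = fh.read()
    for name, held in sorted(chroot_capability_report(text).items()):
        print(f"{name}: CAP_SYS_CHROOT {'present' if held else 'absent'}")
    print("fully dropped:", chroot_capability_fully_dropped(text))
```

A uid 0 process whose effective set is clear but whose bounding set still has the bit can get it back on its next execve, which is why the check looks at every set rather than CapEff alone.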