This is the mail archive of the
libc-help@sourceware.org
mailing list for the glibc project.
Re: can I use chroot() multiple times in one program
On Thu, Jan 14, 2010 at 8:40 AM, Wu Zhou <woodzltc@gmail.com> wrote:
> On Tue, Jan 12, 2010 at 9:20 PM, Américo Wang <xiyou.wangcong@gmail.com> wrote:
>>>
>>> Ah. Sounds a little odd to me. AFAIK, chroot is a system call, which
>>> appends the named directory to the path resolution for this process and
>>> its children. Maybe this directory is saved some place in the process
>>> control block?
>>
>> True, you can find it in task_struct ->fs->root.
>> But this doesn't mean you can go back.
>>
>>> Another chroot should be able to change this again and
>>> the later code will use the new directory. Don't see why this is not
>>> designed in such a way.
>>>
>>
>> Well, suppose you have a program within the chroot jail which also
>> does a chroot(), so with _your_ design it can jump out of the jail!! With
>> the correct design, it can't, never.
>
> Good justification. But sometimes chroot might be used for non-security
> purposes. Then re-changing the root can be a useful option.
>
In fact, using chroot() for security purposes is not a good idea.
You can fork a new process and only do chroot()'ed things
in the child process.
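
The fork-then-chroot pattern suggested in the message above, as an added example that is not part of the original thread or of glibc. The helper names, the CHROOT_REFUSED exit code and the use of /tmp as the new root are assumptions made for illustration; chroot() needs CAP_SYS_CHROOT, so an unprivileged run reports CHROOT_REFUSED.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

#define CHROOT_REFUSED 77 /* constructed exit code: chroot() failed, e.g. EPERM */

/* Returns 1 if "/" currently resolves to the directory described by want. */
static int root_is(const struct stat *want)
{
    struct stat now;
    return stat("/", &now) == 0 &&
           now.st_dev == want->st_dev && now.st_ino == want->st_ino;
}

/* Fork and chroot() only the child. Returns the child's exit code: 0 if it
 * saw newroot as "/", CHROOT_REFUSED if chroot() failed, 1 on other errors,
 * or -1 if stat/fork/wait failed in the parent. */
int run_chrooted(const char *newroot)
{
    struct stat target;
    int status;
    if (stat(newroot, &target) != 0)
        return -1;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (chroot(newroot) != 0)
            _exit(CHROOT_REFUSED);
        if (chdir("/") != 0) /* do not keep a cwd in the old tree */
            _exit(1);
        /* chroot()'ed work would go here; the example only checks the root */
        _exit(root_is(&target) ? 0 : 1);
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    struct stat before;
    if (stat("/", &before) != 0)
        return 1;
    printf("child exit code: %d\n", run_chrooted("/tmp"));
    printf("parent root unchanged: %d\n", root_is(&before));
    return 0;
}
```

Because the root change happens only in the child, the parent can start further children with different roots and never needs to "go back".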