This is the mail archive of the libc-help@sourceware.org mailing list for the glibc project.



Re: can I use chroot() multiple times in one program


On Thu, Jan 14, 2010 at 8:40 AM, Wu Zhou <woodzltc@gmail.com> wrote:
> On Tue, Jan 12, 2010 at 9:20 PM, Américo Wang <xiyou.wangcong@gmail.com> wrote:
>>>
>>> Ah. Sounds a little odd to me. AFAIK, chroot is a system call, which
>>> appends the named directory to the path resolution for this process and
>>> its children. Maybe this directory is saved some place in the process
>>> control block?
>>
>> True, you can find it in task_struct ->fs->root.
>> But this doesn't mean you can go back.
>>
>>> Another chroot should be able to change this again and
>>> the later code will use the new directory. Don't see why this is not
>>> designed in such a way.
>>>
>>
>> Well, suppose you have a program within the chroot jail which also
>> does a chroot(), so with _your_ design it can jump out of the jail!! With
>> the correct design, it can't, never.
>
> Good justification. But sometimes chroot might be used for non-security
> purposes. Then re-changing the root can be a useful option.
>

In fact, using chroot() for security purposes is not a good idea.

You can fork a new process and only do chroot()'ed things
in the child process.
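
The fork-then-chroot pattern suggested in the message above, as an added example that is not part of the original post or of glibc: the child changes its root and does the work there, while the parent keeps its original root and can repeat this with a different directory. The names `run_in_chroot`, `demo`, the `CHILD_*` codes and the temporary directory with its `marker` file are constructed for illustration; `chroot()` needs CAP_SYS_CHROOT, so an unprivileged run reports `CHILD_NOPRIV`.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

enum { CHILD_OK = 0, CHILD_NOPRIV = 2, CHILD_FAILED = 3 };

/* Do the chroot()'ed work in a child; the caller's root is never changed. */
int run_in_chroot(const char *newroot)
{
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (chroot(newroot) != 0)     /* needs CAP_SYS_CHROOT */
            _exit(errno == EPERM ? CHILD_NOPRIV : CHILD_FAILED);
        if (chdir("/") != 0)          /* keep no cwd outside the new root */
            _exit(CHILD_FAILED);
        struct stat st;               /* "/" is newroot in this process only */
        _exit(stat("/marker", &st) == 0 ? CHILD_OK : CHILD_FAILED);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

/* Build a constructed sample root, run the child, then check that the
 * parent still resolves the marker by its original absolute path. */
int demo(int *parent_sees_marker)
{
    char dir[] = "/tmp/chroot-demo-XXXXXX";
    char marker[64];
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    snprintf(marker, sizeof marker, "%s/marker", dir);
    FILE *f = fopen(marker, "w");
    if (!f) return -1;
    fclose(f);
    int rc = run_in_chroot(dir);
    *parent_sees_marker = (stat(marker, &st) == 0);
    unlink(marker);
    rmdir(dir);
    return rc;
}

int main(void)
{
    int seen = 0, rc = demo(&seen);
    printf("child result %d, parent still sees marker: %d\n", rc, seen);
}
```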

