[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Server overriding; chroot (was: Google Summer of Code participation)

From: Pierre THIERRY
Subject: Re: Server overriding; chroot (was: Google Summer of Code participation)
Date: Wed, 19 Mar 2008 02:15:22 +0100
User-agent: Mutt/1.5.17+20080114 (2008-01-14)

Scribit olafBuddenhagen@gmx.net dies 18/03/2008 hora 16:38:
> Now the problem is that a chrooted process can create a passive
> translator. When this translated node is accessed, the translator
> process currently won't be started in the context of the chrooted
> process, but in that of the normal global filesystem -- it has access
> to everything, and can pass it on to the chrooted process.

That really calls for capability discipline in the Hurd interfaces, I'd
say (I'm not sure, but it may have been one of the reason the developers
of the L4 port looked at capabilities). If the translator had to provide
an explicit capability (whatever it would be in this case) that
designate what it accesses, it should be relatively easier to secure the

As I don't know the details of the communications between translators
and the filesystem, I wonder: is there a documentation about it?

OpenPGP 0xD9D50D8A

Attachment: signature.asc
Description: Digital signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]