[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Server overriding; chroot (was: Google Summer of Code participation)
|
From: |
Pierre THIERRY |
|
Subject: |
Re: Server overriding; chroot (was: Google Summer of Code participation) |
|
Date: |
Wed, 19 Mar 2008 02:15:22 +0100 |
|
User-agent: |
Mutt/1.5.17+20080114 (2008-01-14) |
Scribit olafBuddenhagen@gmx.net dies 18/03/2008 hora 16:38:
> Now the problem is that a chrooted process can create a passive
> translator. When this translated node is accessed, the translator
> process currently won't be started in the context of the chrooted
> process, but in that of the normal global filesystem -- it has access
> to everything, and can pass it on to the chrooted process.
That really calls for capability discipline in the Hurd interfaces, I'd
say (I'm not sure, but it may have been one of the reason the developers
of the L4 port looked at capabilities). If the translator had to provide
an explicit capability (whatever it would be in this case) that
designate what it accesses, it should be relatively easier to secure the
chroot.
As I don't know the details of the communications between translators
and the filesystem, I wonder: is there a documentation about it?
Curiously,
Pierre
--
nowhere.man@levallois.eu.org
OpenPGP 0xD9D50D8A
signature.asc
Description: Digital signature
Re: Google Summer of Code participation, Wei Shen, 2008/03/15
Re: Server overriding; chroot (was: Google Summer of Code participation), Wei Shen, 2008/03/18