question about chroot restrictions


Post by incognito_ » Sat May 15, 2004 11:08 am

I see a lot of nifty chroot restrictions, like refusing mount, mknod etc., but I thought those would require root inside the jail anyway. Does this mean you can't break out of a grsec-chroot even if you have root?

Re: question about chroot restrictions

Post by PaX Team » Tue May 25, 2004 6:38 pm

incognito_ wrote: I see a lot of nifty chroot restrictions, like refusing mount, mknod etc., but I thought those would require root inside the jail anyway. Does this mean you can't break out of a grsec-chroot even if you have root?

yes, that's the whole point. whether there're still holes left is hard to tell, but it's certainly better than what other systems provide (spender wrote an article on this topic for the French MISC magazine last year).

