[mpm-itk] mpm_itk and chroot

Steinar H. Gunderson sgunderson at bigfoot.com
Mon Jan 4 21:44:07 CET 2010


On Mon, Jan 04, 2010 at 09:12:06PM +0100, Gregy wrote:
> I am not sure if it really works this way but to suid itk has to run
> code as root, wouldn't it be safer to be chrooted? Or is chroot so
> easy to get through it doesn't matter?

If you are root, you can usually get out of a chroot jail some way or the
other anyways. Making a proper chroot jail is pretty hard.

In any case, mpm-itk drops most of its root privileges (including the ability
to chroot) quickly; as long as you have seteuid() capability that might not
matter all that much, though.

/* Steinar */
-- 
Homepage: http://www.sesse.net/



More information about the mpm-itk mailing list