[mpm-itk] mpm_itk and chroot
Steinar H. Gunderson
sgunderson at bigfoot.com
Mon Jan 4 21:44:07 CET 2010
On Mon, Jan 04, 2010 at 09:12:06PM +0100, Gregy wrote:
> I am not sure if it really works this way but to suid itk has to run
> code as root, wouldn't it be safer to be chrooted? Or is chroot so
> easy to get through it doesn't matter?
If you are root, you can usually get out of a chroot jail some way or the
other anyways. Making a proper chroot jail is pretty hard.
In any case, mpm-itk drops most of its root privileges (including the ability
to chroot) quickly; as long as you have seteuid() capability that might not
matter all that much, though.
/* Steinar */
More information about the mpm-itk