Chroot Jail Not Secure for Sandboxing Python?

Bjoern Schliessmann usenet-mail-0306.20.chr0n0ss at spamgourmet.com
Mon Jun 25 22:12:36 CEST 2007


gregpinero at gmail.com wrote:

> I followed up with my ISP.  Here's the answer I got:
> 
> The os.exec call prepends the chroot directory to the absolute
> path, but does NOT provide chroot for the child process.  

That sounds like rubbish to me. If it worked like that, chrooting
servers would be virtually useless. 

Which OS is the ISP using? Tell him to do "man 2 chroot" and read
it.

| NAME
|        chroot - change root directory
| 
| SYNOPSIS
|        #include <unistd.h>
|
|        int chroot(const char *path);
|
| DESCRIPTION
|        chroot()  changes  the  root  directory  to that specified
|        in path.  This directory will be used for pathnames
|        beginning with /.  The root directory is inherited by all
|        children of the current process. [...]

Regards,


Björn

-- 
BOFH excuse #282:

High altitude condensation from U.S.A.F prototype aircraft has
contaminated the primary subnet mask. Turn off your computer for 9
days to avoid damaging it.




More information about the Python-list mailing list