Chroot Jail Not Secure for Sandboxing Python?

"Martin v. Löwis" martin at v.loewis.de
Wed Jun 27 05:33:23 CEST 2007


> To launch a child process in a chroot you can easily just fork and
> then make the chroot syscall in the child process immediately after
> the fork.

It's not so easy. On Linux, you need to have the CAP_SYS_CHROOT
capability to invoke the syscall; on other systems, you may have
to be root.

Regards,
Martin



More information about the Python-list mailing list