Exit from os.chroot()

Thomas Bellman bellman at lysator.liu.se
Thu Jun 5 08:20:48 CEST 2008


Tobiah <toby at tobiah.org> writes:

>> It is better to make copies of the needed binaries and libraries,
>> and *only* them.

> Or symbolic links, of course.  Also, wouldn't links prevent
> the process from puffing actual binaries in /usr/bin?

Well, if you create symlinks from the chroot jail that try to
point to things outside the chroot, you are at least guaranteed
that you won't give the chroot:ed process too much information.
Unfortunately, you won't be giving it the tools it needs to do
its designed job, either, since symlinks can't escape a chroot.


-- 
Thomas Bellman,   Lysator Computer Club,   Linköping University,  Sweden
"I don't think [that word] means what you    !  bellman @ lysator.liu.se
 think it means."   -- The Princess Bride    !  Make Love -- Nicht Wahr!
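
An added example, not part of the original post: the sketch below models how path lookup behaves for a process chrooted to a directory and lists the symlinks in a jail tree that would lead nowhere once inside it. The function names and the sample tree are constructed for illustration; nothing here calls os.chroot(), so it runs without root.

```python
import os
import tempfile

def resolve_in_jail(jail, path, max_links=40):
    """Host path that `path` names for a process chrooted to `jail`, or None
    on a symlink loop. Absolute link targets restart at the jail root and
    ".." at the jail root stays there, as in kernel path lookup."""
    jail = os.path.realpath(jail)
    todo, done = [c for c in path.split("/") if c not in ("", ".")], []
    while todo:
        part = todo.pop(0)
        if part == "..":
            done = done[:-1]                  # no-op when already at the jail root
            continue
        host = os.path.join(jail, *done, part)
        if not os.path.islink(host):
            done.append(part)
            continue
        max_links -= 1
        if max_links < 0:
            return None
        target = os.readlink(host)
        if target.startswith("/"):
            done = []                         # absolute target: back to the jail root
        todo = [c for c in target.split("/") if c not in ("", ".")] + todo
    return os.path.join(jail, *done)

def dangling_links(jail):
    """Symlinks under `jail` that lead nowhere once the process is chrooted."""
    bad = []
    for root, dirs, files in os.walk(jail):
        for name in dirs + files:
            host = os.path.join(root, name)
            if os.path.islink(host):
                inside = "/" + os.path.relpath(host, jail)
                real = resolve_in_jail(jail, inside)
                if real is None or not os.path.exists(real):
                    bad.append(inside)
    return sorted(bad)

def build_sample_jail():
    """Constructed sample tree: one real file and three symlinks."""
    jail = tempfile.mkdtemp(prefix="jail-")
    os.makedirs(os.path.join(jail, "bin"))
    open(os.path.join(jail, "bin", "tool"), "w").close()
    os.symlink("/usr/bin/python", os.path.join(jail, "bin", "python"))  # aims at host
    os.symlink("/bin/sh", os.path.join(jail, "bin", "sh"))              # names itself
    os.symlink("../../../bin/tool", os.path.join(jail, "bin", "up"))    # ".." clamps
    return jail
```

Calling dangling_links(build_sample_jail()) reports the two links aimed at host paths; the relative link survives only because its target was copied into the jail.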


