diff options
author | Harald van Dijk <harald@gigawatt.nl> | 2015-02-13 16:05:49 +0000 |
---|---|---|
committer | Eelco Dolstra <eelco.dolstra@logicblox.com> | 2015-02-16 12:18:19 +0100 |
commit | 5451b8db9db7dabb46e9f1966d72406c9da271a9 (patch) | |
tree | fa2cbd50139aefeb7a20309212a5f0ecc620e027 /configure.ac | |
parent | b0bad3e61568419d497aaa11ede7afdf7ac4339c (diff) |
Use pivot_root in addition to chroot when possible
chroot only changes the process root directory, not the mount namespace root
directory, and it is well-known that any process with chroot capability can
break out of a chroot "jail". By using pivot_root as well, and unmounting the
original mount namespace root directory, breaking out becomes impossible.
Non-root processes typically have no ability to use chroot() anyway, but they
can gain that capability through the use of clone() or unshare(). For security
reasons, these syscalls are limited in functionality when used inside a normal
chroot environment. Using pivot_root() this way does allow those syscalls to be
put to their full use.
Diffstat (limited to 'configure.ac')
-rw-r--r-- | configure.ac | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/configure.ac b/configure.ac index be77975bd..756b2f227 100644 --- a/configure.ac +++ b/configure.ac @@ -87,6 +87,7 @@ AC_CHECK_HEADERS([sys/mount.h], [], [], # include <sys/param.h> # endif ]) +AC_CHECK_HEADERS([sys/syscall.h]) # Check for lutimes, optionally used for changing the mtime of |