[scponly] I _still_ don't understand --enable-quota-compat
Kaleb Pederson
kpederson at mail.ewu.edu
Fri Mar 10 15:26:07 EST 2006
On Friday 10 March 2006 11:01 am, Ensel Sharon wrote:
> Perhaps instead of a different patch for every different command that
> people want to hack into the chroot ... could there perhaps be a _general_
> forking patch, that once applied allows a person to add any number of
> binaries that can be run temporarily outside of the chroot (for instance,
> I might allow passwd and quota and df, and you might just allow passwd)
>
> (and it would be up to the user of that patch to decide whether the
> exceptions they were allowing were safe ones or not)
>
> Is this a silly idea ?
Actually, it sounds like a pretty good and necessary idea. There are certain
commands that will never work right within a chroot, and this could alleviate
that problem.
What does everyone else think?
> Perhaps the list of exceptions should exist outside the chroot ? I don't
> know.
It could be dynamic, but it would be safer if it were done at compile time.
Thanks.
--Kaleb
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 191 bytes
Desc: not available
Url : https://lists.ccs.neu.edu/pipermail/scponly/attachments/20060310/1b799171/attachment.bin
More information about the scponly
mailing list