[Nix-dev] Making Nix use pivot_root in addition to chroot
Colin Walters
walters at verbum.org
Wed Dec 10 00:41:25 CET 2014
On Tue, Dec 9, 2014, at 06:25 PM, Luca Bruno wrote:
> It still needs linux-user-chroot to be suid, doesn't it?
Right. I do believe it's secure in the sense that someone couldn't use
it alone to compromise system *integrity*. And it has passed at least
two third party security reviews; fixes resulted from Marc Deslauriers'
review, see the git log.
However, it does make it even easier to mount local, authenticated DoS
attacks. Of course, there are plenty of other vectors for that too.