Re: [vserver] Are bind mounts to outside the /vserver base a security risk?

From: Daniel Hokka Zakrisson <>
Date: Mon 19 Nov 2007 - 16:55:58 GMT
Message-ID: <49102.>

Johan wrote:
> Hi Ed,
> Quoting Ed W <>:
>> If I have my chroot barrier set on /vserver and then bind mount (for
>> some reason) something from /var/xxx into a vserver, does this then
>> offer an (accidental) way to break out of the chroot using some kind of
>> ".." attack on the bind mount?

Bind mounts are safe. .. is relative to the mount-tree, and the fact that
it's a bind mount shouldn't matter.

> I don't think mounting another device poses a big _additional_ security
> risk.
> But, if you are concerned about breaking out of virtual hosts, then
> you probably have other worries, as virtual servers are not meant for
> security purposes.

Uhhh, what? That's exactly what they're meant for.

> Best regards,
> Johan.

Daniel Hokka Zakrisson
Received on Mon Nov 19 16:56:23 2007