On 08/01/2010 01:44 PM, JohnS wrote:
> It *WILL* work. It is called "Outside to In" && mount -o bind will also.
You previously described symlinking "out" to the root filesystem, which is impossible. Symlinks cannot resolve to files outside of a chroot environment. Hard links can.
It is, however, possible to create a symlink in the primary root filesystem which points to a file inside a tree used for chroot, if that is what you mean by "outside to in". In that case, your previous post was simply unclear.
> The difference depends on what exactly the person needs. IE (which way). It will also allow a "Jail Break" Out & In. So security goes out the window. In effect Zero Day here we are.
Symlinks do not allow you to break out of a chroot. In fact, chroot isn't a security mechanism. chroot will confine any non-root process, but any root process can escape a chroot simply by setting its cwd to the root directory and then calling chroot() to any directory. The process will then have a cwd outside its own root filesystem, and can access the filesystem outside of the path it was originally using as its chroot.
The term "zero day" normally describes a software exploit which was not previously known. I don't believe it applies to anything you described.
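An added example, not part of the original message: a simplified Python model of how a path is resolved for a confined, non-root process, showing why a symlink inside a chroot tree cannot reach a file outside it while a hard link to the same file can. The function names, the `jail` directory and `secret.txt` are constructed for illustration, and the resolver is an assumption-level model of kernel lookup (absolute targets restart at the chroot root, `..` stops at it), not kernel code.

```python
import os
import tempfile

def resolve_in_chroot(root, path, max_links=40):
    """Resolve `path` as a process chrooted to `root` would (simplified model).

    Returns the host path reached. Absolute symlink targets restart at
    `root`, and ".." never climbs above `root`.
    """
    root = os.path.realpath(root)
    pending = [p for p in path.split("/") if p]
    current = root
    links = 0
    while pending:
        part = pending.pop(0)
        if part == ".":
            continue
        if part == "..":
            if current != root:           # ".." at the chroot root stays put
                current = os.path.dirname(current)
            continue
        candidate = os.path.join(current, part)
        if os.path.islink(candidate):
            links += 1
            if links > max_links:
                raise OSError("too many levels of symbolic links")
            target = os.readlink(candidate)
            if target.startswith("/"):
                current = root            # absolute target restarts at chroot root
            pending = [p for p in target.split("/") if p] + pending
            continue
        current = candidate
    return current

def demo():
    """Build a constructed host tree containing a jail and compare link types."""
    host = os.path.realpath(tempfile.mkdtemp())
    jail = os.path.join(host, "jail")
    os.makedirs(os.path.join(jail, "etc"))
    secret = os.path.join(host, "secret.txt")   # lives outside the jail
    with open(secret, "w") as f:
        f.write("host data\n")
    os.symlink(secret, os.path.join(jail, "etc", "by-symlink"))   # absolute target
    os.symlink("../../secret.txt", os.path.join(jail, "etc", "by-relative"))
    os.link(secret, os.path.join(jail, "etc", "by-hardlink"))     # same inode
    seen = {n: resolve_in_chroot(jail, "/etc/" + n)
            for n in ("by-symlink", "by-relative", "by-hardlink")}
    return host, jail, secret, seen
```

Both symlinks resolve to nonexistent paths under the jail, while the hard link is an ordinary directory entry inside the jail that refers to the same inode as the outside file, which is also why it only works when both names are on the same filesystem.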