Chroot Jail Not Secure for Sandboxing Python?
"Martin v. Löwis"
martin at v.loewis.de
Mon Jun 25 17:17:38 EDT 2007
> The os.exec call prepends the chroot directory to the absolute path,
> but does NOT provide chroot for the child process. However, as long
> as the environment is maintained, which contains an LD_PRELOAD, the
> "chroot" will also be maintained. If LD_PRELOAD is removed or
> ignored, then the chroot is ineffective.
As others have mentioned (which I just repeat for additional
support): Your ISP is probably thinking of fakeroot, which
is entirely unlike chroot(2), with the latter being a proper
kernel mechanism, not dynamic library trickery (which would
indeed be easy to break out of).
Regards,
Martin
More information about the Python-list
mailing list