diff options
Diffstat (limited to 'toys/other/chroot.c')
| -rw-r--r-- | toys/other/chroot.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/toys/other/chroot.c b/toys/other/chroot.c index e82dd803..4260d98f 100644 --- a/toys/other/chroot.c +++ b/toys/other/chroot.c @@ -1,6 +1,11 @@ /* chroot.c - Run command in new root directory. * * Copyright 2007 Rob Landley <rob@landley.net> + * + * TODO: The test for root is "==" so root can trivially escape a chroot by + * moving it below cwd, ala mkdir("sub"); chroot("sub"); chdir("../../../..") + * The container guys use pivot_root() to deal with this, which does actually + * edit mount tree. (New option? Kernel patch?) USE_CHROOT(NEWTOY(chroot, "^<1", TOYFLAG_USR|TOYFLAG_SBIN)) |