[buildd-tools-devel] Bug#587758: Bug#587758: schroot - Allows access to complete /dev by default
Roger Leigh
rleigh at codelibre.net
Thu Jul 1 13:06:04 UTC 2010
On Thu, Jul 01, 2010 at 02:47:59PM +0200, Bastian Blank wrote:
> Since some version, schroot mounts the complete /dev from the host. This
> is a security risk and not documented in the changelog.
I'll better document this. We now have "minimal" (and "sbuild")
profiles which do not mount /dev. Previously, default/fstab would
mount /dev, /dev/pts and /dev/shm so this is not changed from
earlier releases; however, rbinding /dev does mean any filesystems
mounted in addition to these three will be made available inside the
chroot. For most users, there is no change at all to /dev mounting;
do you have any other filesystems mounted under /dev in addition to
these three?
Regards,
Roger
--
.''`. Roger Leigh
: :' : Debian GNU/Linux http://people.debian.org/~rleigh/
`. `' Printing on GNU/Linux? http://gutenprint.sourceforge.net/
`- GPG Public Key: 0x25BFB848 Please GPG sign your mail.
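
The check asked for at the end of the message above (are there filesystems mounted under /dev besides /dev, /dev/pts and /dev/shm, which a recursive bind of /dev would carry into the chroot) can be run against the host's mount table. This is an added example, not part of the original mail or of schroot; the function names `extra_dev_mounts` and `sample_mounts` and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Added example (not schroot code): report mount points below /dev other
# than /dev, /dev/pts and /dev/shm, i.e. the extra submounts that a
# recursive bind of /dev would expose inside a chroot.
# Input is in /proc/mounts format; pass "-" to read from stdin.
# Assumption: mount points contain no spaces (/proc/mounts escapes them
# as \040, which this sketch does not decode).
extra_dev_mounts() {
    mounts_file="${1:-/proc/mounts}"
    awk '
        {
            mp = $2
            # The three mounts the old default fstab already provided.
            if (mp == "/dev" || mp == "/dev/pts" || mp == "/dev/shm") next
            # Require the trailing slash so that e.g. /devel is not matched.
            if (index(mp, "/dev/") == 1) print mp " " $3
        }
    ' "$mounts_file" | sort -u
}

# Constructed sample mount table, so the example runs offline.
sample_mounts() {
    cat <<'EOF'
udev /dev tmpfs rw,relatime 0 0
devpts /dev/pts devpts rw,nosuid,noexec 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
mqueue /dev/mqueue mqueue rw,relatime 0 0
hugetlbfs /dev/hugepages hugetlbfs rw,relatime 0 0
/dev/sda1 / ext4 rw 0 0
proc /proc proc rw 0 0
/dev/sdb1 /devel ext4 rw 0 0
EOF
}

# Demo on the constructed sample; call extra_dev_mounts with no argument
# to inspect the running host instead.
sample_mounts | extra_dev_mounts -
```

An empty result means the recursive bind exposes nothing beyond the three mounts the earlier fstab already provided.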