Subject: Re: replace chroot() with a chroot overlay file system?
To: Steven M. Bellovin <smb@cs.columbia.edu>
From: mcr <mcr@marajade.sandelman.ca>
List: tech-security
Date: 11/02/2005 10:45:43
>>>>> "Steven" == Steven M Bellovin <smb@cs.columbia.edu> writes:
Steven> I'm thinking out loud here, so I may easily be confused,
Steven> but...
Steven> What if we replaced the chroot() system call by an overlay
Steven> file system, mounted over some subtree? The advantage is
Steven> that that file system could be mounted read-only, nosuid,
Steven> nodev, even noexec.
So,
    chroot("/my/foo");
becomes the same as something like:
    mount -o ro,nosuid,noexec,nodev -t union /something /my/foo
    chroot /my/foo
(where /something might even be /)
I'm a bit ignorant of union file systems wrt: "nodev". If the lower file
system has "dev" enabled, and the upper file system has "nodev", does
that mean that the /dev entries show through, but that when you try to
create new ones, they don't work?
--
] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[
] mcr@xelerance.com http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
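
Added example, not part of the original message or of any project's code: a chroot wrapper that enforces the proposed invariant by refusing to enter a tree whose file system is not mounted ro,nosuid,nodev,noexec. The function names are hypothetical, and ST_NODEV/ST_NOEXEC are assumed to be platform extensions (POSIX guarantees only ST_RDONLY and ST_NOSUID), so they are checked only where defined.

```c
#define _GNU_SOURCE            /* glibc hides ST_NODEV/ST_NOEXEC without it */
#include <stdio.h>
#include <sys/statvfs.h>
#include <unistd.h>

#ifndef ST_NODEV               /* not in POSIX: skip the check if undefined */
#define ST_NODEV 0
#endif
#ifndef ST_NOEXEC
#define ST_NOEXEC 0
#endif

#define JAIL_REQUIRED ((unsigned long)(ST_RDONLY | ST_NOSUID | ST_NODEV | ST_NOEXEC))

/* Bits of JAIL_REQUIRED that are absent from a statvfs f_flag value. */
unsigned long jail_flags_missing(unsigned long f_flag)
{
    return JAIL_REQUIRED & ~f_flag;
}

/* -1: statvfs failed, 0: all required flags present, 1: something missing. */
int jail_fs_check(const char *dir)
{
    struct statvfs sv;
    if (statvfs(dir, &sv) != 0)
        return -1;
    return jail_flags_missing(sv.f_flag) ? 1 : 0;
}

/* Enter the directory first, then check and chroot ".", so the path is not
 * resolved a second time between the check and the chroot. Needs root. */
int enter_jail(const char *dir)
{
    if (chdir(dir) != 0 || jail_fs_check(".") != 0)
        return -1;
    return chroot(".") == 0 ? 0 : -1;
}

int main(int argc, char **argv)
{
    const char *dir = argc > 1 ? argv[1] : "/my/foo";  /* path from the message */
    if (enter_jail(dir) != 0) {
        fprintf(stderr, "refusing to chroot into %s\n", dir);
        return 1;
    }
    /* drop root here (setgid/setuid) before handling untrusted input */
    return 0;
}
```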