Slide 23
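Linux capabilities
• chroot(2) can only be called by a privileged process
• (strictly speaking, one with CAP_SYS_CHROOT)
• However, running as the superuser is a concern
• So run as the superuser, but use capabilities(7) to drop every privilege other than the ones that are needed
• Allow CAP_CHOWN, CAP_DAC_OVERRIDE, CAP_DAC_READ_SEARCH, CAP_FOWNER, CAP_SETGID, CAP_SETUID, CAP_NET_BIND_SERVICE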
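One way to check that a root process really holds nothing beyond the allow-list on this slide is to decode the capability masks in `/proc/<pid>/status`. This is an added example, not code from the slides: the function names and the three status excerpts are constructed for illustration.

```python
import re

# Capability names by bit number, as defined in linux/capability.h (bits 0..40).
CAP_NAMES = """CAP_CHOWN CAP_DAC_OVERRIDE CAP_DAC_READ_SEARCH CAP_FOWNER CAP_FSETID
CAP_KILL CAP_SETGID CAP_SETUID CAP_SETPCAP CAP_LINUX_IMMUTABLE
CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_ADMIN CAP_NET_RAW CAP_IPC_LOCK
CAP_IPC_OWNER CAP_SYS_MODULE CAP_SYS_RAWIO CAP_SYS_CHROOT CAP_SYS_PTRACE
CAP_SYS_PACCT CAP_SYS_ADMIN CAP_SYS_BOOT CAP_SYS_NICE CAP_SYS_RESOURCE
CAP_SYS_TIME CAP_SYS_TTY_CONFIG CAP_MKNOD CAP_LEASE CAP_AUDIT_WRITE
CAP_AUDIT_CONTROL CAP_SETFCAP CAP_MAC_OVERRIDE CAP_MAC_ADMIN CAP_SYSLOG
CAP_WAKE_ALARM CAP_BLOCK_SUSPEND CAP_AUDIT_READ CAP_PERFMON CAP_BPF
CAP_CHECKPOINT_RESTORE""".split()

# The allow-list given on the slide.
ALLOWED = {"CAP_CHOWN", "CAP_DAC_OVERRIDE", "CAP_DAC_READ_SEARCH", "CAP_FOWNER",
           "CAP_SETGID", "CAP_SETUID", "CAP_NET_BIND_SERVICE"}

def decode(mask_hex):
    """Turn a hex mask such as '00000000000004cf' into a set of capability names."""
    mask = int(mask_hex, 16)
    return {CAP_NAMES[b] if b < len(CAP_NAMES) else f"bit{b}"
            for b in range(mask.bit_length()) if mask >> b & 1}

def audit(status_text, allowed=ALLOWED):
    """Map each of CapPrm/CapEff/CapBnd to the capabilities it holds outside `allowed`.

    The bounding set is checked too: a uid-0 process that execs another program
    gets back every capability still present in CapBnd.
    """
    findings = {}
    pattern = r"^(Cap(?:Prm|Eff|Bnd)):\s*([0-9a-fA-F]+)$"
    for name, value in re.findall(pattern, status_text, re.M):
        extra = decode(value) - allowed
        if extra:
            findings[name] = sorted(extra)
    return findings

def sample_status(prm, eff, bnd):
    """Build a constructed /proc/<pid>/status excerpt (not captured from a real host)."""
    return (f"Name:\tdaemon\nUid:\t0\t0\t0\t0\nCapInh:\t{0:016x}\n"
            f"CapPrm:\t{prm:016x}\nCapEff:\t{eff:016x}\nCapBnd:\t{bnd:016x}\n")

FULL = 0x1FFFFFFFFFF                                       # all 41 capabilities
ROOT_FULL = sample_status(FULL, FULL, FULL)                # nothing dropped
RESTRICTED = sample_status(0x4CF, 0x4CF, 0x4CF)            # the slide's allow-list only
BOUNDING_LEFT_OPEN = sample_status(0x4CF, 0x4CF, FULL)     # CapBnd was not reduced

if __name__ == "__main__":
    for label in ("ROOT_FULL", "RESTRICTED", "BOUNDING_LEFT_OPEN"):
        print(label, audit(globals()[label]))
```

On a live host, pass the contents of `/proc/<pid>/status` for the process in question to `audit()`; an empty result means all three sets are within the allow-list.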