I've read a lot of articles suggesting that you use chroot to create a sandboxed environment for users. Then I came across this
discussion, and this
article.
Is this still a valid security concern? (These are pretty old articles.) If so, here's why I'm struggling with the concepts presented:
If a user's chroot directory is actually /home/sam/jail, and the user creates a subdirectory of that, say /home/sam/jail/break then from the user's perspective, the following:
chroot ./break
cd ..
cd ..
cd ..
...
should only get the user as far as /home/sam/jail, right?