*BSD News Article 37800


Xref: sserve comp.os.386bsd.bugs:2590 comp.os.386bsd.questions:14405
Path: sserve!newshost.anu.edu.au!harbinger.cc.monash.edu.au!bunyip.cc.uq.oz.au!munnari.oz.au!hpg30a.csc.cuhk.hk!news.hk.net!howland.reston.ans.net!gatech!newsxfer.itd.umich.edu!zip.eecs.umich.edu!quip.eecs.umich.edu!dmuntz
From: dmuntz@quip.eecs.umich.edu (Dan Muntz)
Newsgroups: comp.os.386bsd.bugs,comp.os.386bsd.questions
Subject: Re: chroot() in FreeBSD 1.1.5.1
Date: 11 Nov 1994 17:02:57 GMT
Organization: University of Michigan EECS Dept.
Lines: 12
Message-ID: <3a0841$nf7@zip.eecs.umich.edu>
References: <39vvl6$90m@clavin.uprc.com> <3a06kq$9bs@dagny.galt.com>
NNTP-Posting-Host: quip.eecs.umich.edu

In article <3a06kq$9bs@dagny.galt.com>, alex wetmore <alex@pc.cc.cmu.edu> wrote:
>[LaCoursiere J. D. (Jeff) wrote:]
>> Big question:  why can't normal users call chroot???
>
>I'm not sure why it's implemented this way.  I thought I would find an
>answer in Leffler, et al, but I just checked and it didn't say.  The source
>code for the system call doesn't say either.

It's for security reasons.  Hint: what might one do with setuid-0 executables
that contain fully qualified path names?

  -Dan