*BSD News Article 37900


Return to BSD News archive

Xref: sserve comp.os.386bsd.bugs:2605 comp.os.386bsd.questions:14457
Path: sserve!newshost.anu.edu.au!harbinger.cc.monash.edu.au!msuinfo!uwm.edu!reuter.cse.ogi.edu!netnews.nwnet.net!ns1.nodak.edu!heart.cas.und.nodak.edu!agassiz.cas.und.nodak.edu!not-for-mail
From: heilig@aero.und.nodak.edu (Zach Heilig)
Newsgroups: comp.os.386bsd.bugs,comp.os.386bsd.questions
Subject: Re: chroot() in FreeBSD 1.1.5.1
Date: 14 Nov 1994 22:02:14 -0600
Organization: University of North Dakota, Grand Forks
Lines: 19
Message-ID: <3a9bs6$73q@agassiz.cas.und.nodak.edu>
References: <39vvl6$90m@clavin.uprc.com> <3a06kq$9bs@dagny.galt.com> <3a0841$nf7@zip.eecs.umich.edu>
NNTP-Posting-Host: agassiz.cas.und.nodak.edu

In article <3a0841$nf7@zip.eecs.umich.edu>,
Dan Muntz <dmuntz@quip.eecs.umich.edu> wrote:
:In article <3a06kq$9bs@dagny.galt.com>, alex wetmore <alex@pc.cc.cmu.edu> wrote:
:>[LaCoursiere J. D. (Jeff) wrote:]
:>> Big question:  why can't normal users call chroot???
:>
:>I'm not sure why its implemented this way.  I thought I would find an 
:>answer in Leffler, et al, but I just checked and it didn't say.  The source
:>code for the system call doesn't say either.
:
:It's for security reasons.  Hint: what might one do with setuid-0 executables
:that contain fully qualified path names.

But, how do you get a setuid executable into a subdirectory that you have
write-access to.  (assuming all subdirectories that have general write
access set are on a different partition than the one that has setuid
executables).
-- 
	Zach Heilig	(heilig@aero.und.nodak.edu)