Xref: sserve comp.os.386bsd.bugs:2605 comp.os.386bsd.questions:14457
Path: sserve!newshost.anu.edu.au!harbinger.cc.monash.edu.au!msuinfo!uwm.edu!reuter.cse.ogi.edu!netnews.nwnet.net!ns1.nodak.edu!heart.cas.und.nodak.edu!agassiz.cas.und.nodak.edu!not-for-mail
From: heilig@aero.und.nodak.edu (Zach Heilig)
Newsgroups: comp.os.386bsd.bugs,comp.os.386bsd.questions
Subject: Re: chroot() in FreeBSD 1.1.5.1
Date: 14 Nov 1994 22:02:14 -0600
Organization: University of North Dakota, Grand Forks
Lines: 19
Message-ID: <3a9bs6$73q@agassiz.cas.und.nodak.edu>
References: <39vvl6$90m@clavin.uprc.com> <3a06kq$9bs@dagny.galt.com> <3a0841$nf7@zip.eecs.umich.edu>
NNTP-Posting-Host: agassiz.cas.und.nodak.edu

In article <3a0841$nf7@zip.eecs.umich.edu>, Dan Muntz <dmuntz@quip.eecs.umich.edu> wrote:
:In article <3a06kq$9bs@dagny.galt.com>, alex wetmore <alex@pc.cc.cmu.edu> wrote:
:>[LaCoursiere J. D. (Jeff) wrote:]
:>> Big question: why can't normal users call chroot???
:>
:>I'm not sure why it's implemented this way. I thought I would find an
:>answer in Leffler, et al, but I just checked and it didn't say. The source
:>code for the system call doesn't say either.
:
:It's for security reasons. Hint: what might one do with setuid-0 executables
:that contain fully qualified path names.

But, how do you get a setuid executable into a subdirectory that you
have write-access to? (assuming all subdirectories that have general
write access set are on a different partition than the one that has
setuid executables).

--
Zach Heilig (heilig@aero.und.nodak.edu)
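
The partition separation assumed in the post above can be audited on a running system. The following Python script is an added example, not part of the original post: it reports every filesystem (grouped by st_dev) that holds both a setuid executable owned by a given uid and a world-writable directory. The function name shared_filesystems and its parameters are hypothetical.

```python
import os
import stat
import sys


def shared_filesystems(roots, owner_uid=0):
    """Map st_dev -> (setuid_files, world_writable_dirs) for each filesystem
    under `roots` that contains both kinds of entry (hypothetical helper)."""
    setuid, writable = {}, {}

    def lstat(path):
        try:
            return os.lstat(path)  # lstat: never follow symlinks
        except OSError:
            return None  # entry vanished or is unreadable; skip it

    for root in roots:
        # os.walk does not descend into symlinked directories by default.
        for dirpath, _dirnames, filenames in os.walk(root):
            st = lstat(dirpath)
            if st and stat.S_ISDIR(st.st_mode) and st.st_mode & stat.S_IWOTH:
                writable.setdefault(st.st_dev, []).append(dirpath)
            for name in filenames:
                path = os.path.join(dirpath, name)
                st = lstat(path)
                if (st and stat.S_ISREG(st.st_mode)
                        and st.st_mode & stat.S_ISUID   # setuid bit set
                        and st.st_mode & 0o111          # executable by someone
                        and st.st_uid == owner_uid):
                    setuid.setdefault(st.st_dev, []).append(path)

    # Only devices that appear in both maps violate the assumed separation.
    return {dev: (sorted(setuid[dev]), sorted(writable[dev]))
            for dev in setuid.keys() & writable.keys()}


if __name__ == "__main__":
    findings = shared_filesystems(sys.argv[1:] or ["/"])
    for dev, (files, dirs) in sorted(findings.items()):
        print(f"device {dev}: {len(files)} setuid-root executable(s) share a "
              f"filesystem with {len(dirs)} world-writable director(ies)")
        for path in files:
            print(f"  setuid:   {path}")
        for path in dirs:
            print(f"  writable: {path}")
    sys.exit(1 if findings else 0)
```

An empty result means the separation described in the post holds for the trees that were scanned; run it as root so unreadable directories are not silently skipped.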