Subject: Re: chroot(2)
To: NetBSD Kernel Technical Discussion List <>
From: Michael Graff <>
List: tech-kern
Date: 10/01/1998 22:19:28 (Greg A. Woods) writes:

> there are a *lot* of things you need to turn off for any non-root
> process that wants to lock itself in a chroot'ed jail.  You essentially
> have to assume there are only two valid user-ids, that of the process
> and zero, and you can't allow any setuid exec(), no mknod(), no symbolic
> or hard links out of the jail, and probably a bunch of other things I've
> forgotten, and of course setting up such a jail in a safe configuration
> is non-trivial.

I'd also like to have user and group level access to TCP/UDP ports.
That way, I can start up named in a chroot()ed directory, as a
non-root user, and still have it open port 53 at will.