Subject: Re: chroot(2)
To: der Mouse <mouse@Rodents.Montreal.QC.CA>
From: Andrew Brown <>
List: tech-kern
Date: 10/04/1998 14:17:07
>> something like checking
>> curproc->p_fd->fd_rdir <=> proc0->p_fd->fd_rdir would tell you if it
>> was chrooted, eh?
>Yes, it would.
>However, if *root* did the chroot, there's no need to disable set-id.
>That's why I proposed a separate state bit for the process, indicating
>that it has done a non-root chroot.  (Root processes that want to
>chroot and then become non-root and drop ability to set-id can do it by
>doing a chroot("/") after becoming non-root.)

"however, if *root* did the chroot, there's no need"...for root to run
a suid binary to regain privileges.

|-----< "CODE WARRIOR" >-----|             * "ah!  i see you have the internet (Andrew Brown)                that goes *ping*!"      * "information is power -- share the wealth."