>> something like checking
>> curproc->p_fd->fd_rdir <=> proc0->p_fd->fd_rdir would tell you if it
>> was chrooted, eh?
>
>Yes, it would.
>
>However, if *root* did the chroot, there's no need to disable set-id.
>That's why I proposed a separate state bit for the process, indicating
>that it has done a non-root chroot.  (Root processes that want to
>chroot and then become non-root and drop ability to set-id can do it by
>doing a chroot("/") after becoming non-root.)

"however, if *root* did the chroot, there's no need"...for root to run
a suid binary to regain privileges.

-- 
|-----< "CODE WARRIOR" >-----|
codewarrior@daemon.org             * "ah!  i see you have the internet
twofsonet@graffiti.com (Andrew Brown)                that goes *ping*!"
warfare@graffiti.com      * "information is power -- share the wealth."