Subject: Re: chroot(2)
To: der Mouse <mouse@Rodents.Montreal.QC.CA>
From: Andrew Brown <email@example.com>
Date: 10/04/1998 14:17:07
>> something like checking
>> curproc->p_fd->fd_rdir <=> proc0->p_fd->fd_rdir would tell you if it
>> was chrooted, eh?
>Yes, it would.
>However, if *root* did the chroot, there's no need to disable set-id.
>That's why I proposed a separate state bit for the process, indicating
>that it has done a non-root chroot. (Root processes that want to
>chroot and then become non-root and drop ability to set-id can do it by
>doing a chroot("/") after becoming non-root.)
"however, if *root* did the chroot, there's no need"...for root to run
a suid binary to regain privileges.
|-----< "CODE WARRIOR" >-----|
firstname.lastname@example.org * "ah! i see you have the internet
email@example.com (Andrew Brown) that goes *ping*!"
firstname.lastname@example.org * "information is power -- share the wealth."