Subject: Re: chroot(2)
To: None <>
From: der Mouse <mouse@Rodents.Montreal.QC.CA>
List: tech-kern
Date: 10/04/1998 22:31:22
>> However, if *root* did the chroot, there's no need to disable
>> set-id.  That's why I proposed a separate state bit for the process,
>> indicating that it has done a non-root chroot.
> "however, if *root* did the chroot, there's no need"...for root to
> run a suid binary to regain privileges.

Not necessarily true.  If you've set up a shadow system (say you're
testing a new userland), you may have some services in inetd set up to
chroot to the new tree before running their which case you
more or less *need* the new system to behave as much like a real system
as possible, including having set-id binaries work.

chroot isn't just for jails.

					der Mouse

		     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B