Subject: Re: chroot(2)
To: der Mouse <mouse@Rodents.Montreal.QC.CA>
From: Julian Assange <firstname.lastname@example.org>
Date: 10/05/1998 23:02:10
> Yeah...I tend to use chroot(8) to do the chroot, then have a tiny
> program in the new root that does setuid() and execs the relevant
> binary. That way there doesn't need to be any untrusted code run as
> root, it's chrooted, and in some cases there can even be no set-id
> programs accessible in the jail....
chroot(8) is fundamentally broken, as it requires the executable to
be inside the jail.