Subject: Re: chroot(2)
To: der Mouse <mouse@Rodents.Montreal.QC.CA>
From: Julian Assange <>
List: tech-kern
Date: 10/05/1998 23:02:10
> Yeah...I tend to use chroot(8) to do the chroot, then have a tiny
> program in the new root that does setuid() and execs the relevant
> binary.  That way there doesn't need to be any untrusted code run as
> root, it's chrooted, and in some cases there can even be no set-id
> programs accessible in the jail....

chroot(8) is fundamentally broken, as it requires the executable to 
be inside the jail.