Subject: Re: chroot(2)
To: Todd Vierling <>
From: Eduardo E. Horvath <>
List: tech-kern
Date: 10/13/1998 12:49:30
Why do I always get involved in these sorts of things?  Sigh....

On Tue, 13 Oct 1998, Todd Vierling wrote:

> : > All the standard methods for breaching root are disabled: su doesn't
> : > work, login doesn't work,
> Since when are login and su disabled in a chrooted environment with the
> current implementation?

You're missing the original context.  We were discussing allowing
chroot(2) to be used by non-root users and the security implications.
After a huge list of changes that would need to be made I suggested that
things were getting complicated and most of the security could be achieved
if the set[gu]id bits were ignored after a user did a chroot(2).  Then the
only other major hole would be device nodes.

Eduardo Horvath
	"I need to find a pithy new quote." -- me