tech-kern: Re: chroot: why super-user only?

Subject: Re: chroot: why super-user only?
To: None <tech-kern@netbsd.org>
From: David Young <dyoung@pobox.com>
List: tech-kern
Date: 01/23/2003 17:46:54

On Thu, Jan 23, 2003 at 03:02:26PM -0800, Greywolf wrote:
> [DY: Put another way, under what conditions is it safe for a non-root user
> [DY: to chroot(2)?
> 
> This falls into the same category of "Under what conditions is it safe to
> point a loaded gun at oneself?", really.

  No. Under what conditions is it a squirt gun? =)

> You would need to disallow set-id execution (and, arguably, device
> access.)  The effects of this are left as an exercise for the
> practitioner.

  Device access? Explain, please?

Dave

-- 
David Young             OJC Technologies
dyoung@ojctech.com      Engineering from the Right Brain
                        Urbana, IL * (217) 278-3933