Subject: Re: chroot: why super-user only?
To: None <>
From: der Mouse <mouse@Rodents.Montreal.QC.CA>
List: tech-kern
Date: 01/24/2003 14:35:48
>>> Or am I missing another vulnerability?
>> You're missing another vulnerability.  [...]
> How is this an issue if we disalow Set-id on non-root chroot()?

It's not.

> The idea of making chroot usable by non-root has been floated, and
> everone has taken the lack of honoring set-id as a given.

It wasn't clear to me that was part of what you outlined.  I must have
missed whatever caused everyone else to assume no set-id.

> What else do we need?

I'm not sure.  Perhaps nothing - but I'm not _nearly_ sure enough of
that to bet my systems' security on it.

/~\ The ASCII				der Mouse
\ / Ribbon Campaign
 X  Against HTML
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B